[Opendnssec-develop] Sun SCA6000 on Ubuntu
roy at nominet.org.uk
roy at nominet.org.uk
Tue Jun 30 11:42:36 UTC 2009
Jelte Jansen wrote on 06/30/2009 01:36:22 PM:
> Jakob Schlyter wrote:
> >
> > oh, my bad - I thought we only used the ldns functions. would that be
an
> > easy change? or something we can detect at runtime?
> >
>
> we do use the ldns functions, but only for nsec3 hashing (because that's
> entirely handled by ldns)
>
> for signature input hashing, i think it shouldn't be too hard to just try
and
> use the hsm, and on CKR_BAD_MECHANISM (or whatever it was), fall
> back to ldns.
Why bother? why use an hsm to do the hashing? Just because we can ... often
?
> In pivotal land i would give it 1 point :)
eh?
Roy
More information about the Opendnssec-develop
mailing list