[Opendnssec-develop] Sun SCA6000 on Ubuntu

roy at nominet.org.uk roy at nominet.org.uk
Tue Jun 30 11:42:36 UTC 2009


Jelte Jansen wrote on 06/30/2009 01:36:22 PM:

> Jakob Schlyter wrote:
> >
> > oh, my bad - I thought we only used the ldns functions. would that be
an
> > easy change? or something we can detect at runtime?
> >
>
> we do use the ldns functions, but only for nsec3 hashing (because that's
> entirely handled by ldns)
>
> for signature input hashing, i think it shouldn't be too hard to just try
and
> use the hsm, and on CKR_BAD_MECHANISM (or whatever it was), fall
> back to ldns.

Why bother? why use an hsm to do the hashing? Just because we can ... often
?

> In pivotal land i would give it 1 point :)

eh?

Roy




More information about the Opendnssec-develop mailing list