[Opendnssec-develop] Re: [Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r2525 - trunk/OpenDNSSEC
Matthijs Mekking
matthijs at NLnetLabs.nl
Fri Nov 27 08:40:05 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jakob Schlyter wrote:
> On 27 nov 2009, at 08.59, Matthijs Mekking wrote:
>
>> +* Signer Engine: verifies signature after creation.
>
> what is the performance penalty on this?
> is verification done using PKCS#11 or locally?
>
> jakob
>
For a 416K tld alike zone, the initial signing time increased from 1m25
to 1m42 on my Ubuntu desktop machine.
Verification is done locally with ldns_verify_rrsig_keylist.
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJLD5BjAAoJEA8yVCPsQCW51wAIAJx44LSh2CV7ecRvsG0A8RBG
rTnLNbFg/fJYJXJ1EAD7K1kuLRMOry4pZt3mXnDXh6RhLv+hmyzfonkKWVkfSq4o
Xw8GDHzX8i8Kc6jve49RCU2vyU+FL7Mb6XilxvoE/UZfAaSVACb+gT6YNmdTbiwd
d1cRFIC6nt9MsfnX92ZVF/6Nwbbt+n4c2djom/NWQ8IIHc/Af1WUmScs6P6VRjOb
upOMeNP4v3fc8x/psd623o3KXsUkstEBzumwseabv5wQWKitf0F9fiQ17FqDPGNl
GJRYYKDig1WP8oa3gwgqRcEoFe+lFjyND9J/lyF/84kvocdZapSqXqB7DTswBf4=
=ftAc
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list