[Opendnssec-develop] Signature verification in SoftHSM
Matthijs Mekking
matthijs at NLnetLabs.nl
Thu Mar 31 09:23:45 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
He was testing trunk, using SoftHSM and saw the signer output bogus
signatures (in the signed zonefile). SoftHSM was with the checking code
*off*. (FYI, I think his problems might had to do with the (now closed)
pivotal stories about wrong serial increasing and not updating
DNSKEY/NSEC3PARAM RRsets).
Sorry for the confusion.
Best regards,
Matthijs
On 03/31/2011 11:15 AM, Alex Dalitz wrote:
>> On 03/09/2011 06:42 AM, Sebastian Castro wrote:
>>> Although after the increase in the number of signers things are
>>> better, I still see invalid zones because one key is missing or bogus
>>> signatures (which I reported on a separated email).
>>
>> He is using softHSM. I'll ask for more info.
>
> Apologies if I've misunderstood this...
>
> Is Sebastian saying that he is running with the softhsm checking code on, and has discovered invalid signatures?
>
> If so, then I think that the code should stay.
>
> Thanks,
>
>
> Alex._______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNlEghAAoJEA8yVCPsQCW54ckH/1uwDmTzeveduzXAFg3+i1ah
nmUVJ+1Sye7o1vVx316MeqJzjJaG4SvfYX6w+8jVoi6irR+5GTliOnnuDng013hh
TP/YuRUuZjqPgqsPaSmxChGD7kYjPuFNyBXyXPqqyFhE6IN40fa7eD50kuUQhdgI
CkeS3wghXFhsQkzUvIjBR6+SLBMm8N3Q7mwzt0AjhiS6WrgNgjeJ4gHCQVxApmNm
GjwKv29hQXYmmPxvWfbHwOAIkNCHph7xzJBfLZ1p+Ko6LG1NGNxhGoRSZbOuFbJ7
PfBBdJoeVKAapKZrvqWnvFbtmgHSemd5kDNO/daNzYuX0wf7fv65pEaElx/vgF0=
=HVJQ
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list