From sara at sinodun.com  Thu Jun 12 13:52:19 2014
From: sara at sinodun.com (Sara Dickinson)
Date: Thu, 12 Jun 2014 14:52:19 +0100
Subject: [Opendnssec-develop] RE: Team meeting - Friday 13 June @ 14:00 CEST
References: <A338ADD1-805E-4D81-AC49-EAD300CE52EC@sinodun.com>
Message-ID: <5CA3BEC7-C080-4D0F-906F-FE33A8A2DCD8@sinodun.com>

Hi All, 

We have a team meeting schedule for tomorrow:

Date:      Friday 13 June 2014
Time:      14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC
Method:  Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details)
Agenda:  Will be available later today

Sara. 

Begin forwarded message:

> From: Sara Dickinson <sara at sinodun.com>
> Subject: Re: [Opendnssec-develop] Team meeting - Tuesday 20 May @ 14:00 CEST
> Date: 20 May 2014 17:06:50 BST
> To: Opd Dev <opendnssec-develop at lists.opendnssec.org>
> 
> Hi All, 
> 
> Minutes of the meeting today are available online for review:
> 
> https://wiki.opendnssec.org/display/OpenDNSSEC/2014-05-20+Minutes
> 
> I?m afraid I can?t do Wed 11th June after all(!) so I would like to propose Friday 13th @ 14:00 CEST instead: 
> 
> Date:      Friday 13 June 2014
> Time:      14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenDNSSEC meeting.ics
Type: text/calendar
Size: 712 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140612/06dbd9a1/attachment.bin>
-------------- next part --------------
> 
> 
> Sara.
> 


From sara at sinodun.com  Fri Jun 13 07:29:52 2014
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 13 Jun 2014 08:29:52 +0100
Subject: [Opendnssec-develop] Team meeting - Friday 13 June @ 14:00 CEST
In-Reply-To: <5CA3BEC7-C080-4D0F-906F-FE33A8A2DCD8@sinodun.com>
References: <A338ADD1-805E-4D81-AC49-EAD300CE52EC@sinodun.com>
	<5CA3BEC7-C080-4D0F-906F-FE33A8A2DCD8@sinodun.com>
Message-ID: <CA2626C3-60B3-46F6-A989-571397060807@sinodun.com>


Agenda: https://wiki.opendnssec.org/display/OpenDNSSEC/2014-06-13+Agenda

On 12 Jun 2014, at 14:52, Sara Dickinson <sara at sinodun.com> wrote:

> Hi All, 
> 
> We have a team meeting schedule for tomorrow:
> 
> Date:      Friday 13 June 2014
> Time:      14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC
> Method:  Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details)
> Agenda:  Will be available later today
> 
> Sara. 
> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140613/478cd9cf/attachment.htm>

From sara at sinodun.com  Fri Jun 13 13:20:22 2014
From: sara at sinodun.com (Sara Dickinson)
Date: Fri, 13 Jun 2014 14:20:22 +0100
Subject: [Opendnssec-develop] Team meeting - Friday 13 June @ 14:00 CEST
In-Reply-To: <5CA3BEC7-C080-4D0F-906F-FE33A8A2DCD8@sinodun.com>
References: <A338ADD1-805E-4D81-AC49-EAD300CE52EC@sinodun.com>
	<5CA3BEC7-C080-4D0F-906F-FE33A8A2DCD8@sinodun.com>
Message-ID: <09EBBCB8-6A46-44FB-8DA0-FBC17488C615@sinodun.com>

All, 

Minutes from the meeting today are available for review:

https://wiki.opendnssec.org/display/OpenDNSSEC/2014-06-13+Minutes

The next meeting is scheduled for:

Date:      Tuesday 1 July 2014
Time:      14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC



Sara. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenDNSSEC meeting.ics
Type: text/calendar
Size: 712 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140613/c4ded38e/attachment.bin>
-------------- next part --------------


On 12 Jun 2014, at 14:52, Sara Dickinson <sara at sinodun.com> wrote:

> Hi All, 
> 
> We have a team meeting schedule for tomorrow:
> 
> Date:      Friday 13 June 2014
> Time:      14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC
> Method:  Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details)
> Agenda:  Will be available later today
> 
> Sara. 
> 
> Begin forwarded message:
> 
>> From: Sara Dickinson <sara at sinodun.com>
>> Subject: Re: [Opendnssec-develop] Team meeting - Tuesday 20 May @ 14:00 CEST
>> Date: 20 May 2014 17:06:50 BST
>> To: Opd Dev <opendnssec-develop at lists.opendnssec.org>
>> 
>> Hi All, 
>> 
>> Minutes of the meeting today are available online for review:
>> 
>> https://wiki.opendnssec.org/display/OpenDNSSEC/2014-05-20+Minutes
>> 
>> I?m afraid I can?t do Wed 11th June after all(!) so I would like to propose Friday 13th @ 14:00 CEST instead: 
>> 
>> Date:      Friday 13 June 2014
>> Time:      14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC
>> 
> <OpenDNSSEC meeting.ics>
>> 
>> 
>> Sara.
>> 
> 
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop


From Roland.vanRijswijk at surfnet.nl  Mon Jun 16 06:16:30 2014
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij)
Date: Mon, 16 Jun 2014 08:16:30 +0200
Subject: [Opendnssec-develop] Slides SoftHSM
Message-ID: <539E8BBE.8070309@surfnet.nl>

Hi guys,

I've been asked to take part in a panel discussion at ICANN 50 on HSMs
and will represent the "SoftHSM" / "OpenDNSSEC" perspective; before I
cook up something on my own, does anybody have any recent slides about
SoftHSM that I can get some "inspiration" from? (I will happily make my
own, especially about SoftHSM v2, but am somewhat less knowledgeable
about SHSM v1 ;-) ).

Cheers,

Roland

-- 
-- Roland M. van Rijswijk - Deij
-- SURFnet bv
-- w: http://www.surfnet.nl/en/
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4412 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140616/db81e8bc/attachment.bin>

From jerry at opendnssec.org  Mon Jun 16 13:21:35 2014
From: jerry at opendnssec.org (Jerry =?ISO-8859-1?Q?Lundstr=F6m?=)
Date: Mon, 16 Jun 2014 15:21:35 +0200
Subject: [Opendnssec-develop] My involvement in the project is at an end
Message-ID: <1402924895.5870.6.camel@mine>

Hi all,

My involvement in the OpenDNSSEC open source project is at an end, the
remaining time I have left in this project will be focused on the 2.0.0
alpha 4 release with a no later date than the end of July.

There is currently no plan for a handover but hopefully one will be made
at/after the ICANN 50 meeting. Whether I will be returning to the
project in the future or not is for the future to decide.

It's been fun! Sk?l!

-- 
Jerry Lundstr?m - OpenDNSSEC Developer
http://www.opendnssec.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140616/106268ac/attachment.bin>

From rickard at opendnssec.org  Wed Jun 18 10:48:51 2014
From: rickard at opendnssec.org (Rickard Bellgrim)
Date: Wed, 18 Jun 2014 12:48:51 +0200
Subject: [Opendnssec-develop] Slides SoftHSM
In-Reply-To: <539E8BBE.8070309@surfnet.nl>
References: <539E8BBE.8070309@surfnet.nl>
Message-ID: <CAKFiof=SsEFbKR_P1yeDtYkf-f17YeUJ6sVYHiVSbOJ3JVUoeg@mail.gmail.com>

Sorry, got no slides about SoftHSM.

// Rickard

On Mon, Jun 16, 2014 at 8:16 AM, Roland van Rijswijk - Deij <
Roland.vanRijswijk at surfnet.nl> wrote:

> Hi guys,
>
> I've been asked to take part in a panel discussion at ICANN 50 on HSMs
> and will represent the "SoftHSM" / "OpenDNSSEC" perspective; before I
> cook up something on my own, does anybody have any recent slides about
> SoftHSM that I can get some "inspiration" from? (I will happily make my
> own, especially about SoftHSM v2, but am somewhat less knowledgeable
> about SHSM v1 ;-) ).
>
> Cheers,
>
> Roland
>
> --
> -- Roland M. van Rijswijk - Deij
> -- SURFnet bv
> -- w: http://www.surfnet.nl/en/
> -- t: +31-30-2305388
> -- e: roland.vanrijswijk at surfnet.nl
>
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140618/b45e06a4/attachment.htm>

From Roland.vanRijswijk at surfnet.nl  Wed Jun 18 10:50:03 2014
From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk - Deij)
Date: Wed, 18 Jun 2014 12:50:03 +0200
Subject: [Opendnssec-develop] Slides SoftHSM
In-Reply-To: <CAKFiof=SsEFbKR_P1yeDtYkf-f17YeUJ6sVYHiVSbOJ3JVUoeg@mail.gmail.com>
References: <539E8BBE.8070309@surfnet.nl>
	<CAKFiof=SsEFbKR_P1yeDtYkf-f17YeUJ6sVYHiVSbOJ3JVUoeg@mail.gmail.com>
Message-ID: <53A16EDB.4080801@surfnet.nl>

Hey Rickard (et al.),

I've cooked up some slides, they may be of use to other presenting about
SoftHSM (attached)

Cheers,

Roland

Rickard Bellgrim wrote:
> Sorry, got no slides about SoftHSM.
> 
> // Rickard
> 
> On Mon, Jun 16, 2014 at 8:16 AM, Roland van Rijswijk - Deij
> <Roland.vanRijswijk at surfnet.nl <mailto:Roland.vanRijswijk at surfnet.nl>>
> wrote:
> 
>     Hi guys,
> 
>     I've been asked to take part in a panel discussion at ICANN 50 on HSMs
>     and will represent the "SoftHSM" / "OpenDNSSEC" perspective; before I
>     cook up something on my own, does anybody have any recent slides about
>     SoftHSM that I can get some "inspiration" from? (I will happily make my
>     own, especially about SoftHSM v2, but am somewhat less knowledgeable
>     about SHSM v1 ;-) ).
> 
>     Cheers,
> 
>     Roland
> 
>     --
>     -- Roland M. van Rijswijk - Deij
>     -- SURFnet bv
>     -- w: http://www.surfnet.nl/en/
>     -- t: +31-30-2305388 <tel:%2B31-30-2305388>
>     -- e: roland.vanrijswijk at surfnet.nl
>     <mailto:roland.vanrijswijk at surfnet.nl>
> 
>     _______________________________________________
>     Opendnssec-develop mailing list
>     Opendnssec-develop at lists.opendnssec.org
>     <mailto:Opendnssec-develop at lists.opendnssec.org>
>     https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 
> 

-- 
-- Roland M. van Rijswijk - Deij
-- SURFnet bv
-- w: http://www.surfnet.nl/en/
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20140625 - SoftHSM - ICANN50 - London.pdf
Type: application/pdf
Size: 464200 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140618/14438954/attachment.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4412 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140618/14438954/attachment.bin>

From sara at sinodun.com  Tue Jun 24 13:21:11 2014
From: sara at sinodun.com (Sara Dickinson)
Date: Tue, 24 Jun 2014 14:21:11 +0100
Subject: [Opendnssec-develop] RE: 1.4.6 release candidate
Message-ID: <FCC2C72D-287A-4E56-8B1B-D37C08EC088B@sinodun.com>

Hi All, 

Matthijs and I had a discussion about the next 1.4 release today. There are some additional minor signer changes that we agreed should go into the release so the plan now is to have a release candidate out early next week. 

Sara. 



From rick at openfortress.nl  Wed Jun 25 12:53:03 2014
From: rick at openfortress.nl (Rick van Rein)
Date: Wed, 25 Jun 2014 14:53:03 +0200
Subject: [Opendnssec-develop] FYI: Enforcer storage in LDAP at RedHat
Message-ID: <EC43CE34-D44C-4225-A718-FBC102269A09@openfortress.nl>

Hi,

A while back we?ve discussed alternate databases, and I proposed LDAP as an option.  It was deemed too far off the current design of the Enforcer, even if it is technically practical for many admins.

When discussing some OpenDNSSEC-related things with Petr Spacek, he showed me RedHat's project that is doing exactly this; they are storing the information from the Enforcer in their FreeIPA infrastructure.  Their short and long term plans are here:

 * https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm
 * https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm

They also intend to store wrapped private keys in LDAP; I am talking them through alternatives which retain PKCS #11 protection yet support their wishes.


Cheers,
 -Rick

From jakob at kirei.se  Wed Jun 25 17:57:19 2014
From: jakob at kirei.se (Jakob Schlyter)
Date: Wed, 25 Jun 2014 19:57:19 +0200
Subject: [Opendnssec-develop] FYI: Enforcer storage in LDAP at RedHat
In-Reply-To: <EC43CE34-D44C-4225-A718-FBC102269A09@openfortress.nl>
References: <EC43CE34-D44C-4225-A718-FBC102269A09@openfortress.nl>
Message-ID: <0BB4802D-C508-4CDF-B77A-EDD7F6E170DC@kirei.se>

On 25 jun 2014, at 14:53, Rick van Rein <rick at openfortress.nl> wrote:

> A while back we?ve discussed alternate databases, and I proposed LDAP as an option.  It was deemed too far off the current design of the Enforcer, even if it is technically practical for many admins.
> 
> When discussing some OpenDNSSEC-related things with Petr Spacek, he showed me RedHat's project that is doing exactly this; they are storing the information from the Enforcer in their FreeIPA infrastructure.  Their short and long term plans are here:

This is exactly why we have non-SQL database backend (currently CouchDB) as an alternative for SQL (currently SQLite) for OpenDNSSEC 2.0 :-)

	jakob



From jerry at opendnssec.org  Thu Jun 26 06:19:41 2014
From: jerry at opendnssec.org (=?UTF-8?Q?Jerry_Lundstr=C3=B6m?=)
Date: Thu, 26 Jun 2014 08:19:41 +0200
Subject: [Opendnssec-develop] FYI: Enforcer storage in LDAP at RedHat
In-Reply-To: <EC43CE34-D44C-4225-A718-FBC102269A09@openfortress.nl>
References: <EC43CE34-D44C-4225-A718-FBC102269A09@openfortress.nl>
Message-ID: <-173159922276882558@unknownmsgid>

Hi Rick,

Currently home sick so I will be short.

Petr sent a mail to the user list in early Mars and it did not go
unnoticed. We are working on a new database layer [1][2], it supports
basicly any backend and we are converting existing code from C++ to C and
making it non-transactional.

[1] https://github.com/opendnssec/opendnssec/pull/76
[2] https://github.com/jelu/opendnssec/tree/dbx/enforcer-ng/src/db

-- 
Jerry Lundstr?m - OpenDNSSEC Developer
http://www.opendnssec.org/

On 25 jun 2014, at 14:53, Rick van Rein <rick at openfortress.nl> wrote:

Hi,

A while back we?ve discussed alternate databases, and I proposed LDAP as an
option.  It was deemed too far off the current design of the Enforcer, even
if it is technically practical for many admins.

When discussing some OpenDNSSEC-related things with Petr Spacek, he showed
me RedHat's project that is doing exactly this; they are storing the
information from the Enforcer in their FreeIPA infrastructure.  Their short
and long term plans are here:

*
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm
*
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm

They also intend to store wrapped private keys in LDAP; I am talking them
through alternatives which retain PKCS #11 protection yet support their
wishes.


Cheers,
-Rick_______________________________________________
Opendnssec-develop mailing list
Opendnssec-develop at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140626/349f5389/attachment.htm>

From olaf at NLnetLabs.nl  Thu Jun 26 11:19:13 2014
From: olaf at NLnetLabs.nl (Olaf Kolkman)
Date: Thu, 26 Jun 2014 12:19:13 +0100
Subject: [Opendnssec-develop] Unsubscribing...
Message-ID: <DCCC144B-F3C0-4D20-8B7D-00FB81E71AA3@NLnetLabs.nl>



Folk,

Next week is my last full working week at NLnet Labs, I am in the process of reviewing the various email lists that I will continue to be subscribed with or migrate (and to where).

As far as the opendnssec mailing lists are concerned, I  will continue to be subscribed to the architecture board list, but move out of the development lists. But first: 

I believe deeply in this project, please keep up the good work!!!!

Thanks for the good work and collaboration. Our paths will pass.

?Olaf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 846 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20140626/a4a814c9/attachment.bin>

From sara at sinodun.com  Mon Jun 30 11:45:13 2014
From: sara at sinodun.com (Sara Dickinson)
Date: Mon, 30 Jun 2014 12:45:13 +0100
Subject: [Opendnssec-develop] RE: Team meeting - Tuesday 1 July @ 14:00 CEST
Message-ID: <B47310D6-3BF2-4A60-BC82-2811195CD9F1@sinodun.com>

Hi All, 

We have a team meeting scheduled for tomorrow:

Date:      Tuesday 1 July 2014
Time:      14:00-15:00 CEST, 13:00-14:00 BST, 20:00-21:00 CST, 12:00-13:00 UTC
Method:  Teamspeak (https://wiki.opendnssec.org/display/OpenDNSSEC/Conference+call+details)
Agenda:  https://wiki.opendnssec.org/display/OpenDNSSEC/2014-07-01+Agenda

Sara.