[Opendnssec-develop] A big thank you for SoftHSM

Rick van Rein rick at openfortress.nl
Fri Dec 11 11:58:45 UTC 2015


Hi all,

I want to post a big Thank You to the OpenDNSSEC project for not just
developing a great DNSSEC signer, but also create an open source PKCS
#11 implementation that goes well beyond the needs for DNSSEC and
instead tries to be a general implementation.

This software has helped to innovate things, because it is so easy to
try things out!  Just to give a few examples that I could publish and
let other people try without requiring hardware and drivers:

* https://github.com/arpa2/tlspool -- A TLS implementation in a separate
daemon, with credentials stored behind PKCS #11
* https://github.com/arpa2/kerberos-pkcs11 -- A quick demo that
current-day Kerberos crypto can be protected by PKCS #11
* https://github.com/arpa2/srp-pkcs11 -- Secure Remote Passwords with a
modified client-side formalism that protects the "password" through PKCS #11

In addition, I am pleased with the continued, thorough bugfixing
support.  Thank you very much!

Rick van Rein
OpenFortress.nl / ARPA2.net



More information about the Opendnssec-develop mailing list