[Opendnssec-develop] Adding ECC to ods-signer

Rick van Rein rick at openfortress.nl
Tue Sep 27 15:28:43 UTC 2016


Thanks Yuri.

The Enforcer would need to allocate the ECDSA keys, I suppose.  My
surprise was that the Signer appears to be ready because it is
agnostic to key types, and only wants a DNS algorithm identifier
to publish.  I will be testing that -- am now generating keys and
with .signconf files with PyKCS11 to be able to tickle the Signer
into actually using ECDSA.

Just to manage expectations: I will not make changes to the Enforcer.

I will report my findings in #450 and on this list.  I'm note
really sure what "has been tested with OpenDNSSEC" means here.


More information about the Opendnssec-develop mailing list