[Opendnssec-develop] Adding ECC to ods-signer
Rick van Rein
rick at openfortress.nl
Tue Sep 27 15:28:43 UTC 2016
The Enforcer would need to allocate the ECDSA keys, I suppose. My
surprise was that the Signer appears to be ready because it is
agnostic to key types, and only wants a DNS algorithm identifier
to publish. I will be testing that -- am now generating keys and
with .signconf files with PyKCS11 to be able to tickle the Signer
into actually using ECDSA.
Just to manage expectations: I will not make changes to the Enforcer.
I will report my findings in #450 and on this list. I'm note
really sure what "has been tested with OpenDNSSEC" means here.
More information about the Opendnssec-develop