[Opendnssec-develop] Adding ECC to ods-signer

(Berry) A.W. van Halderen berry at nlnetlabs.nl
Tue Sep 27 18:32:03 UTC 2016


On Mon, Sep 26, 2016 at 08:54:54AM +0200, Rick van Rein wrote:
> I have been asked by SURFnet to enhance the ods-signer with Elliptic
> Curve algorithms.  You are probably aware of the research that has been
> done by Roland, which turns out in favour of ECDSA signatures.

Great.  It had not been on our list of immediate plans because
it was not in direct demand and because of some bugs in libhsm
which have been cleared now.

> My plan is to fork either 2.0/master and work on that from my own
> repository.

The GitHub workflow in use is to fork on GitHub.  Do not clone or
fork outside of GitHub because then you have a harder time being
in sync.
There is a "fork" button on https://github.com/opendnssec/OpenDNSSEC
on the top-right of the page.  This is not a hard fork but allows
you to keep in sync with 2.0 and create a pull request to submit your
changes back.  You can use 2.0/master, but you can keep closer to
the current developments by using "develop".

> Just let me know if this interferes with any work you are currently
> doing, or if you have any advice or requests that would make it simpler
> for you to accept an upcoming patch -- because of course we'll be
> offering it back to the project.

We would welcome this contribution.  If your time permits, I see
no problem getting this into the next 2.1 release.  I would like not
to make functional releases if possible in 2.0, only bug fix releases.
We want to go to more frequent releases and just go for the next 2.1 and
2.2 release this year.

We believe this change is not very intrusive to the code.  Probably
allowing the values in the configuration (which is hairy code, but we
want to turn to that later, so just keep it).  And passing it around.
Most (all) of the code is unaware of the algo used.
There is currently no change planned that we foresee could interfere
with this change.  So actually, if you want the change, the coming
time is a good period to submit it.

When you have something to review or submit you can push your changes
back to GitHub and make a pull-request for it.

With kind regards,
Berry van Halderen
-- 
N: (Berry) A.W. van Halderen
E: berry at nlnetlabs.nl
O: NLnet Labs
W: http://www.nlnetlabs.nl/


