[Opendnssec-user] SQLite -> MySQL
Rick van Rein
rick at openfortress.nl
Wed Apr 21 11:15:42 UTC 2010
Rachid,
> so there's no way to use mysql for opendnssec and sofhsm ?
I don't think anybody would/should want MySQL under SoftHSM.
SoftHSM implements PKCS #11 which is an API to secure information.
Putting that all in a database kind-of defeats that purpose.
The reason for using SQLite under SoftHSM is just some form of
(file-based) storage; it is not with the idea to have the generic
powers of a database unleashed.
For the key repository of the enforcer, the story is quite different
IMHO. I would want the policy data to easily traverse sites, as
that is useful for redundant setups, and the data is not a security
concern.
I would expect that anyone going through the trouble of redundant
setups would also choose an HSM (or perhaps a physical smart card)
instead of a SoftHSM. Correct me if my creativity is low on this
one though :)
Cheers,
-Rick
More information about the Opendnssec-user
mailing list