[Opendnssec-user] SQLite -> MySQL

Rick van Rein rick at openfortress.nl
Wed Apr 21 11:15:42 UTC 2010


> so there's no way to use mysql for opendnssec and sofhsm ?

I don't think anybody would/should want MySQL under SoftHSM.

SoftHSM implements PKCS #11 which is an API to secure information.
Putting that all in a database kind-of defeats that purpose.

The reason for using SQLite under SoftHSM is just some form of
(file-based) storage; it is not with the idea to have the generic
powers of a database unleashed.

For the key repository of the enforcer, the story is quite different
IMHO.  I would want the policy data to easily traverse sites, as
that is useful for redundant setups, and the data is not a security

I would expect that anyone going through the trouble of redundant
setups would also choose an HSM (or perhaps a physical smart card)
instead of a SoftHSM.  Correct me if my creativity is low on this
one though :)


More information about the Opendnssec-user mailing list