[Opendnssec-user] SoftHSM requirements: proposed addition
Roland van Rijswijk
roland.vanrijswijk at surfnet.nl
Thu May 27 12:31:22 UTC 2010
Rickard Bellgrim wrote:
> On 27 maj 2010, at 12.12, Ondřej Surý wrote:
>> I have a guy on my team who wrote libusb proxy last year as part of
>> our programme to support students. In the end he wrote universal
>> framework and he may be able to prepare pkcs11 proxy within a
>> month timeframe, maybe quicker.
> Yeah, that would be really nice. Because that would create a good
> foundation, since you do not have to invent the wheel again.
I like the idea of re-using code as well. But PKCS #11 has some nasty
peculiarities that will make it hard to proxy one-on-one especially if
multiple applications or threads are accessing the proxy interface.
> But first we need a good list of requirements. Maybe you want to
> start on that work? We can assist you more when we have SoftHSM v2.
Agreed. Requirement #1: a secure connection between the proxy and the
server (SSL, preferably also support client authentication).
-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
More information about the Opendnssec-user