[Opendnssec-user] SoftHSM requirements: proposed addition

Roland van Rijswijk roland.vanrijswijk at surfnet.nl
Thu May 27 12:31:22 UTC 2010

Rickard Bellgrim wrote:
> On 27 maj 2010, at 12.12, Ondřej Surý wrote:
>> I have a guy on my team who wrote libusb proxy last year as part of
>>  our programme to support students. In the end he wrote universal
>>  framework and he may be able to prepare pkcs11 proxy within a
>> month timeframe, maybe quicker.
> Yeah, that would be really nice. Because that would create a good
> foundation,  since you do not have to invent the wheel again.

I like the idea of re-using code as well. But PKCS #11 has some nasty
peculiarities that will make it hard to proxy one-on-one especially if
multiple applications or threads are accessing the proxy interface.

> But first we need a good list of requirements. Maybe you want to
> start on that work? We can assist you more when we have SoftHSM v2.

Agreed. Requirement #1: a secure connection between the proxy and the
server (SSL, preferably also support client authentication).



-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

More information about the Opendnssec-user mailing list