Hello Johan!
> AFAIK Jan V. is already working on PKCS#11 support
> (via openssl).
Yes, indeed. I'm working on support for PKCS#11 in Knot DNS.
> I'm ok with using dnssec-keygen, that's
> fine. However I'm not fine with all the darn K* files that dnssec-keygen throws
> around. I hate the K* files with a passion, because they are left-overs of our early
> attempts at figuring out DNSSEC more than fifteen years ago. I'd like to think that
> we've learnt a thing or two since then.
Well, we are not OK with these tools either. The key storage will definitely
change. We needed some starting point for our implementation. That's why
we have to stick with all the ugly ISC tools for now. And that is why we call
the current implementation experimental.
(btw, you can name the files with keys anyhow and Knot should load them,
just the file extension is important)
> # keymgr generate --zone bar.com --type zsk
> # keymgr list --zone foo.com
> # keymgr delete --zone foo.com --state retired
I'm thinking about something like that. And I like the use cases you
just provided. Thank you for the feedback. :-)
Jan
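As an added illustration of the remark above that only the .key/.private extension matters to the experimental loader (this is example code written for this page, not part of the thread or of Knot DNS; the rename scheme, the helper name rename_keypair and the placeholder file contents are this example's own assumptions), the following POSIX shell function takes a dnssec-keygen style pair such as Kexample.com.+008+12345.key/.private, derives a friendlier basename from the zone, algorithm and key tag, and renames both halves together, refusing to touch a pair where one half is missing:

```shell
# Added example, not from the thread or the Knot project. It assumes Jan's
# statement that Knot's experimental loader only cares about the .key/.private
# extension; the naming scheme and helper name below are this example's own.

# rename_keypair <keydir> <Kname>
#   Kname is the dnssec-keygen basename, e.g. Kexample.com.+008+12345
#   Prints the new basename on success; returns 1 if the pair is incomplete,
#   so a stray .key without its .private is never renamed on its own.
rename_keypair() {
    keydir=$1
    kname=$2
    [ -f "$keydir/$kname.key" ] && [ -f "$keydir/$kname.private" ] || return 1
    # K<zone>.+<alg>+<tag>: drop the leading K, then split on the '+' separators
    rest=${kname#K}
    zone=${rest%%.+*}            # example.com
    tagpart=${rest##*+}          # 12345
    algpart=${rest#*.+}          # 008+12345
    algpart=${algpart%%+*}       # 008
    new="${zone}-alg${algpart}-id${tagpart}"
    mv "$keydir/$kname.key" "$keydir/$new.key"
    mv "$keydir/$kname.private" "$keydir/$new.private"
    printf '%s\n' "$new"
}

# Demo on constructed placeholder files (no real key material; assumed content)
demo_dir=$(mktemp -d)
printf 'example.com. IN DNSKEY 256 3 8 placeholder\n' \
    > "$demo_dir/Kexample.com.+008+12345.key"
printf 'Private-key-format: v1.3\nAlgorithm: 8 (RSASHA256)\n' \
    > "$demo_dir/Kexample.com.+008+12345.private"
# An orphan .key with no .private: must be left alone
printf 'example.com. IN DNSKEY 256 3 8 placeholder\n' \
    > "$demo_dir/Kexample.com.+008+54321.key"

rename_keypair "$demo_dir" Kexample.com.+008+12345
rename_keypair "$demo_dir" Kexample.com.+008+54321 || echo "incomplete pair, skipped"
ls "$demo_dir"
rm -rf "$demo_dir"
```

The point of renaming both halves in one step is that the zone, algorithm and tag stay recoverable from the name while the extension the loader keys on is untouched; the orphan check keeps a half-pair from being silently renamed into a name the .private side will never match.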