Hello list,

I would like to point you to the design pages for the DNSSEC feature:

Zone signing:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Automatic key rotation:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm

https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm


You can ignore bind-dyndb-ldap specifics and think about interactions with FreeIPA and SSSD.

- We need to design an LDAP schema for key storage (Ludwig is looking into it).
- We need to write a PKCS#11 module on top of the LDAP database.
- We need to design key rotation on the client side (SSSD? Certmonger?).
- We need to design the WebUI/CLI
etc.

Read the 'External Impact' sections carefully :-)

Have a nice day!

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel