Hello list,
I would like to point you to the design pages for the DNSSEC feature:
Zone signing:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
Automatic key rotation:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm
You can ignore bind-dyndb-ldap specifics and think about interactions with
FreeIPA and SSSD.
- We need to design an LDAP schema for key storage (Ludwig is looking into it).
- We need to write a PKCS#11 module on top of the LDAP database.
- We need to design key rotation on the client side (SSSD? Certmonger?).
- We need to design the WebUI/CLI,
etc.
Read the 'External Impact' sections carefully :-)
Have a nice day!
--
Petr^2 Spacek
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel