On Fri, 2014-07-25 at 19:26 +0200, Petr Spacek wrote:
> 
> I have updated design page and diagrams:
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Shortterm#LDAPschema

Excellent page, I took a full read and it all seem reasonable.

However I would like a page like this with the detailed summary of key
material handling.

This is important to get right and have documented anyway so if someone
could summarize in detail all the key handling I would be happy to do a
detailed review and think carefully about the security stance of the
final solution we agreed on. If we can do this early it would be better
to avoid costly rewrites should we have forgotten/underestimated some
implementation detail that requires changes.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to