Hi Petr,

Very cool to hear that OpenDNSSEC will be used for this!

On 04 Mar 2014, at 13:59, Petr Spacek <[email protected]> wrote:

> OpenDNSSEC 2.x
> ==============
> Naturally, we want to do key maintenance in a distributed manner :-)
>
> The question is if you would accept patches adding support for an LDAP backend
> to OpenDNSSEC 2.x and patches supporting distributed operation (mainly in the
> enforcer-ng).
>
> I have looked into git/enforcer-ng/src/protobuf-orm and it seems that
> everything is SQL-specific. Would you accept patches adding some abstraction
> to the database interface?

Yes, the current interface is very SQLish. I can see a few places where you might be able to add another layer that would make an LDAP backend possible. Maybe you can supply a patch (or parts of a patch) so we can get a better view of what you want to do and discuss it further?

Just a bit of a notice: we are currently discussing the usage of protobuf-orm and it may or may not be changed in the near future.

> The next thing is key distribution. In the long term, we plan to write and use a
> SoftHSM equivalent backed with an LDAP database and local cache for
> key/certificate storage so key management/sharing will be solved
> transparently from OpenDNSSEC's point of view.

Have you looked at SoftHSMv2 (https://github.com/opendnssec/SoftHSMv2)? Maybe making an LDAP backend for it would do for distributed key management (just guessing).

> So the main question is:
> Would you accept patches for database backend abstraction and distributed
> behavior (in enforcer-ng)?

Of course, we recently moved all our software to GitHub in order to better handle submission of code. Looking forward to your pull requests! :)

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
