On 02-01-17 22:46, Peter Stuge wrote:
> Yuri Schaeffer wrote:
>> The enforcer daemon will not start (blocks, presumably on opening the
>> HSM) when the signer daemon is running and the other way around.
>
> What are the two daemons doing, respectively?
> Or: Why do two applications need (concurrent?) access to the HSM?

The Enforcer daemon is responsible for key management. It boils down to generating keys at the right time and signaling the Signer daemon which keys to use. The Signer daemon simply signs data. Both programs work quite independently and have no clue when the other program is active on the HSM.

Moreover, ideally both daemons, but especially the signer, run multiple threads, with any thread being able to do HSM operations.

What I've heard from the Berlin workshop (I wasn't there myself) is that, in order to get OpenDNSSEC 1.4 running, the Signer could use at most one thread. I haven't tried multiple threads for that reason yet. Though it sounds like it has the same underlying issue.

//Yuri

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech