BIND 9.10.0b1 is now available
Mathieu Arnold
mat at FreeBSD.org
Mon Mar 17 19:41:13 UTC 2014
+--On 17 mars 2014 12:36:32 -0700 Doug Barton <dougb at dougbarton.us> wrote:
| On 03/17/2014 12:29 PM, Mathieu Arnold wrote:
|> Hum, so, it will also use pkcs11 for dnssec validation too ? (Sorry if
|> this seems a silly question.)
|
| HSMs are typically an auth-only tool, although I suppose that in a
| super-high-security environment that they could be justified for
| validation ... it would be interesting to see a requirements doc on what
| the HSM would need to provide to do that.
Yes, it was my understanding of how HSM worked. That's why I was trying to
build with OpenSSL *and* native PKCS11, to get the DNSSEC validation on one
side, and PKCS11 interface for zone signing on the other.
--
Mathieu Arnold
More information about the bind-users
mailing list