Ondřej Surý
2021-05-07 14:12:34 UTC
Hey everybody,
this topic is even more obscure than Windows.
Currently, BIND 9 has two PKCS#11 interfaces:
* native PKCS#11 that uses direct PKCS#11 API calls to library that dynamically loaded (from compiled-in path)
* OpenSSL engine PKCS#11 from OpenSC project[1]
ISC has sponsored significant improvements to the OpenSC engine_pkcs11 and the next OpenSC version will include those improvements. The new version has better performance and is maintained by people who actually understand the PKCS#11 interface. Those improvements will be part of libp11 0.4.12 release.
Therefore we intent to drop the native PKCS#11 interface from BIND 9.18, so there’s less arcane code in named and we can focus on the DNS.
1. https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11
Ondrej
--
Ondřej Surý (He/Him)
***@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman
this topic is even more obscure than Windows.
Currently, BIND 9 has two PKCS#11 interfaces:
* native PKCS#11 that uses direct PKCS#11 API calls to library that dynamically loaded (from compiled-in path)
* OpenSSL engine PKCS#11 from OpenSC project[1]
ISC has sponsored significant improvements to the OpenSC engine_pkcs11 and the next OpenSC version will include those improvements. The new version has better performance and is maintained by people who actually understand the PKCS#11 interface. Those improvements will be part of libp11 0.4.12 release.
Therefore we intent to drop the native PKCS#11 interface from BIND 9.18, so there’s less arcane code in named and we can focus on the DNS.
1. https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11
Ondrej
--
Ondřej Surý (He/Him)
***@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman