Confirmed users
65
edits
TrunionOverhaul: Difference between revisions
SoftHSM, not OpenHSM
RyanTilder (talk | contribs) (Created page with "== Abstract == Wherein I propose a significant restructuring of the key management and signing logic within the trunion signing service to improve maintainability and therefo...") |
RyanTilder (talk | contribs) (SoftHSM, not OpenHSM) |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 54: | Line 54: | ||
* signing-clients needs to be brought up to date in a big way | * signing-clients needs to be brought up to date in a big way | ||
* a class hierarchy that manages accessing different types of HSMs may be necessary. i.e. none(for testing), chil(for stage/prod), and maybe | * a class hierarchy that manages accessing different types of HSMs may be necessary. i.e. none(for testing), chil(for stage/prod), and maybe [https://www.opendnssec.org/softhsm/ SoftHSM](for dev). | ||
* a revisit of receipt signing in general | * a revisit of receipt signing in general | ||
* possibly replacing our tilde separated receipt format (for key separation) with a more standard way of attaching a key to a JSON Web Token. The Persona/FxA work may have some leads on how to do this. | |||
== Bugs == | |||
Tracking bug: {{Bugzilla|1118050}} | |||
<bugzilla> | |||
{ "blocks": ["1118050"], "status": ["UNCONFIRMED", "ASSIGNED", "NEW", "REOPENED"] } | |||
</bugzilla> | |||