Meetings/Minutes/2009-04-15

OpenDNSSEC > Meetings > Minutes > 2009-04-15

Present: Antoin, Jakob, Jelte, Matthijs, Patrik, Rick, Rickard, Sion, Stephen

1. Who Will Write the Minutes?

Stephen volunteered.

2. Handover of KSM/KASP Enforcer to Sion from John

Sion explained that this component is now split into three parts:

  • Communicator - transfers data from the database to the XML files.
  • libksm - looks after the database.
  • Key generator - makes sure enough there are keys for the policy.

Sion is now dealing with the communicator and libksm. John is working on the key generation component; he is also working on the build script.

3. Discussion About Each Component

KASP
Sion reported the status of KASP:

  • Communicator - this is about 90% complete. It writes an XML file, although some configuration options are hard-coded at the moment.
  • libksm - mostly there. The KSK rollover logic is working.
  • Key generator - Sion is not certain where this is.

Overall, KASP is in a state where it can be run for the initial system tests.

Jakob reported that he and John had talked about moving all PKCS11 code into a separate library (libhsm). This would involve a small amount of refactoring, but the result would be common code used by both the key generator and the signer. The library would keep track of the keys and HSMs; keys are referenced by UUID, which also serves to identify the HSM in which a key is located. Jakob expected to come up with a proposal for the library API later this week.

Signing Engine
Jelte reported that feature-wise, it is complete, although few tweaks are still needed. It is ready for system integration.

In answer to a question about AXFR readiness, he thought that it would take one to two weeks to add that capability to it.

SoftHSM
As a result of a review, Rickard said that he was making a few changes. He would then look to compile it on OS X. Jelte indicated that the build scripts needed some work for this platform; Sion suggested that the libksm build scripts could be used for reference in this task.

4. KASP Auditor

Stephen asked about the Auditor, which he felt was essential for V1.0. Rick said that this should be part of the Alpha release. Jakob made the point that as an auditing function, it should be written without sharing existing code. It was agreed that Stephen would write the requirements for this component in conjunction with Rick.

Action: Stephen - write requirements for the KASP Auditor.

5. Requirements

Rickard is trying to put down requirements of .se, but this has been postponed to next week. Stephen has a set of high-level requirements for the signing of .uk. He will incorporate Rickard's requirements and publish the result for the list. Matthijs mentioned that he had posted some requirements from .org to the list.

Action: Stephen - get together overall requirements when information is received from Rickard.

6. Code Reviewing

Rickard has obtained a checklist for code review. So far, Rickard, Matthijs, and someone identified by Roland have volunteered to do the reviewing. (Sion is happy to do a code review, but want to deliver his contribution first.)

Jelte said that the signing engine is ready for code review now. Sion asked that the review of the KASP code be deferred for a bit. He will signal to the list when he is ready.

Peer reviewing of code will start next week - Rickard will assign the reviewing tasks.

7. User Guide

Rickard asked that everyone document their components. Patrik was ready to pull everything into a comprehensive document.

8. Platform Support

Rickard has added a page to wiki concerning the target platforms. It is intended that this page will evolve into a general page on supported platforms.

9. User Considerations

This is a page detailing the current status of the project. Rickard will update this on a regular basis.

10. System Testing

This task is waiting for the requirement to be detailed.

Stephen made a point that it is essential that the system is able to recover in the event of something like a power failure. This led to a general discussion on the robustness of the system. It was agreed that if it was impossible for a component to recover, there would be documentation about manual recovery.

11. Performance Testing

In particular:

  • What should we test?
  • What benchmarks should we do?
  • How much is bound to HSM performance?

It was suggested that extreme cases (such as millions of names in a single zone, hundreds of thousands of zones each with a few names, etc.) be picked and that the performance on these be measured.

12. Durability Testing

Durability testing is running for an extended period of time. We will need to write some scenarios for this.

13. Presentation

Two questions:

  • What are we going to present?
  • Who will present?

With regards to the first question, Rickard said that presentations he had given on the subject included:

  • Overall view of what OpenDNSSEC does
  • Timeline
  • Reason to use it.

It was noted that an alpha version of the software was unlikely to be ready by the time of the presentation.

Patrik volunteered to give the presentation at RIPE-58. (A twenty-minute slot will be requested.) He will do a rough outline of the presentation and send it to the list.

14. Next Meeting

This will be on Monday 27 April 2009 at 11:00-12:00 CEST (10:00-11:00 BST)

15. AOB

Jelte raised a question about duration parsing; in particular, the interval defined by a month depends on the date on which the parse takes place. Sion said that libksm has a function that parses duration - Sion and Jelte will discuss this offline.

System integration will be started by Patrik as he tries to put together the installation and user guide.