- Type: New Feature
- Status: Closed
- Priority: Minor
- Resolution: Won't Fix
- Affects Version/s: OpenDNSSEC 1.4.0a1
- Fix Version/s: None
- Component/s: Configuration, Enforcer, Signer
- Labels: None
Hi,
I'm thinking about the separation of roles for object related activities such as key generation / key destruction.
If someone has access to my conf.xml, they seem to have the ability to generate or delete the objects on my HSM (SafeNet Luna), as they have the (crypto officer) password.
PKCS#11 does not define different types of users. Every user with access to a token can do anything. It seems SafeNet has "enhanced cryptoki roles". (See the attached 1 page extract from the SafeNet docs).
The SafeNet Luna has a "restricted" client called a crypto-user which cannot delete objects.
In the context of SafeNet Lunas, a client would need to pass CKU_RESTRICTED_USER (or the alias CKU_CRYPTO_USER).
Does it make sense to add support for having a separate user for key generation/destruction, and another one for signing only?
Thanks
Kind regards
Billy Glynn
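The role split the ticket asks for, as an added example that is not part of the original issue and not code from OpenDNSSEC or from SafeNet: a small in-memory model of a PKCS#11 token that knows two login roles, the standard `CKU_USER` (the crypto officer, allowed to generate and destroy objects) and a vendor-defined restricted role named `CKU_CRYPTO_USER` after the ticket. The numeric value given to `CKU_CRYPTO_USER` is an assumed placeholder, not the real Luna constant, and the return code the model uses for a refused operation (`CKR_USER_NOT_LOGGED_IN`) is the model's choice; a real token may report a different code. The point it demonstrates is the mitigation: if only the restricted PIN is written into the signer's configuration, someone who reads that file can sign but cannot destroy or regenerate keys.

```python
"""Constructed model of PKCS#11 role separation (crypto officer vs crypto user).

Not OpenDNSSEC code and not the SafeNet Luna library: an in-memory token that
enforces which login role may generate, destroy, or use keys.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Standard PKCS#11 user types (values from the PKCS#11 specification).
CKU_SO = 0
CKU_USER = 1  # "crypto officer" in SafeNet's terminology

# Vendor-defined restricted role named in the ticket. The numeric value is an
# ASSUMED placeholder for this model, not the real Luna constant.
CKU_VENDOR_DEFINED = 0x80000000
CKU_CRYPTO_USER = CKU_VENDOR_DEFINED | 0x1  # placeholder value
CKU_RESTRICTED_USER = CKU_CRYPTO_USER        # alias, as in the ticket

# Standard PKCS#11 return codes used by the model.
CKR_OK = 0x000
CKR_OBJECT_HANDLE_INVALID = 0x082
CKR_PIN_INCORRECT = 0x0A0
CKR_USER_NOT_LOGGED_IN = 0x101  # model's choice for a refused operation
CKR_USER_TYPE_INVALID = 0x163

# Object lifecycle is reserved for the officer; the restricted user only signs.
PERMISSIONS = {
    CKU_USER: {"generate", "destroy", "sign"},
    CKU_CRYPTO_USER: {"sign"},
}


@dataclass
class Token:
    """Stand-in for an HSM partition with one PIN per role."""
    pins: Dict[int, str]
    objects: Dict[int, bytes] = field(default_factory=dict)
    next_handle: int = 1


class Session:
    def __init__(self, token: Token) -> None:
        self.token = token
        self.role: Optional[int] = None

    def login(self, user_type: int, pin: str) -> int:
        if user_type not in PERMISSIONS:
            return CKR_USER_TYPE_INVALID
        if self.token.pins.get(user_type) != pin:
            return CKR_PIN_INCORRECT
        self.role = user_type
        return CKR_OK

    def _allowed(self, op: str) -> bool:
        return self.role is not None and op in PERMISSIONS[self.role]

    def generate_key(self, label: str) -> Tuple[int, Optional[int]]:
        if not self._allowed("generate"):
            return CKR_USER_NOT_LOGGED_IN, None
        handle = self.token.next_handle
        self.token.next_handle += 1
        # Constructed key material; a real HSM never exposes it.
        self.token.objects[handle] = b"key:" + label.encode()
        return CKR_OK, handle

    def destroy_object(self, handle: int) -> int:
        if not self._allowed("destroy"):
            return CKR_USER_NOT_LOGGED_IN
        if handle not in self.token.objects:
            return CKR_OBJECT_HANDLE_INVALID
        del self.token.objects[handle]
        return CKR_OK

    def sign(self, handle: int, data: bytes) -> Tuple[int, Optional[bytes]]:
        if not self._allowed("sign"):
            return CKR_USER_NOT_LOGGED_IN, None
        if handle not in self.token.objects:
            return CKR_OBJECT_HANDLE_INVALID, None
        # HMAC-SHA256 stands in for the token's signing operation.
        mac = hmac.new(self.token.objects[handle], data, hashlib.sha256).digest()
        return CKR_OK, mac


def demo() -> Dict[str, bool]:
    """Enforcer logs in as officer; the signer only ever holds the restricted PIN."""
    token = Token(pins={CKU_USER: "officer-pin", CKU_CRYPTO_USER: "user-pin"})

    enforcer = Session(token)
    officer_login = enforcer.login(CKU_USER, "officer-pin")
    _, ksk = enforcer.generate_key("ksk")

    signer = Session(token)                 # only "user-pin" is in its config
    signer_login = signer.login(CKU_CRYPTO_USER, "user-pin")
    rc_sign, sig = signer.sign(ksk, b"example. IN A 192.0.2.1")
    rc_destroy = signer.destroy_object(ksk)  # refused: restricted role
    rc_gen, _ = signer.generate_key("zsk")   # refused: restricted role

    return {
        "officer_login_ok": officer_login == CKR_OK,
        "signer_login_ok": signer_login == CKR_OK,
        "signer_can_sign": rc_sign == CKR_OK and sig is not None,
        "signer_can_destroy": rc_destroy == CKR_OK,
        "signer_can_generate": rc_gen == CKR_OK,
        "key_survives_signer": ksk in token.objects,
        "officer_can_destroy": enforcer.destroy_object(ksk) == CKR_OK,
        "unknown_role_rejected": Session(token).login(99, "x") == CKR_USER_TYPE_INVALID,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The model maps the two credentials onto the two OpenDNSSEC roles in the ticket: the enforcer (key rollover, generation and deletion) would authenticate with the officer PIN, while the signer process, whose configuration is the file an attacker is most likely to read, would hold only the restricted PIN. Whether a real token refuses the operation with this exact return code is vendor-specific; what matters for the audit is that `destroy_object` and `generate_key` fail and the key remains on the token.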