<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><br><div><div>On 29/10/2013, at 05:45, Stephane Bortzmeyer <<a href="mailto:bortzmeyer@nic.fr">bortzmeyer@nic.fr</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">On Tue, Oct 29, 2013 at 12:07:10AM -0200,<br> Rubens Kuhl <<a href="mailto:rubensk@nic.br">rubensk@nic.br</a>> wrote <br> a message of 30 lines which said:<br><br><blockquote type="cite">Would DNSSHIM or Atomia DNS fit your description of DNSSEC<br>management ? <br></blockquote><br>[Warning, quick glance only]<br><br>DNSSHIM claims to be able to "manage" DNSSEC keys but the<br>documentation apparently does not say a word about how keys are<br>created and deleted. It seems it has to be done manually and, in that<br>case, there is indeed no key management.<br></blockquote><div><br></div>Key creation:</div><div><br></div><div>
                
        
        
                <div class="page" title="Page 18">
                        <div class="layoutArea">
                                <div class="column"><p><span style="font-size: 17.000000pt; font-family: 'CMSSBX10'">19 NewKey
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMR12'">Generates a new key for a specified zone.
</span></p><p><span style="font-size: 14.000000pt; font-family: 'CMSSBX10'">19.1 Request
</span></p>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'"><?xml version="1.0" encoding="utf-8"?>
<dnsshim version="1.0">
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">  <request>
    <newKey>
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">      <sessionId>$sessionId</sessionId>
      <zone>$zone</zone>
      <size>$keySize</size>
      <type>$keyType</type>
      <flags>$flags</flags>
      <status>$keyStatus</status>
      <algorithm>$algorithm</algorithm>
      <protocol>$protocol</protocol>
</span></pre>
                                </div>
                        </div>
                        <div class="layoutArea">
                                <div class="column">
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">    </newKey>
  </request>
</span></pre><p><span style="font-size: 12.000000pt; font-family: 'CMTT12'"></dnsshim>
</span></p>
                                </div>
                        </div>
                </div>
                <div class="page" title="Page 19">
                        <div class="layoutArea">
                                <div class="column"><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">19.1.1 Parameters
</span></p>
                                </div>
                        </div>
                        <div class="layoutArea">
                                <div class="column"><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$sessionId: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Session identification.
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$zone: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Name of the zone.
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$keySize: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Size of the new key (suggestion is 1024).
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$keyType: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Zone Sign Key (</span><span style="font-size: 12.000000pt; font-family: 'CMTT12'">ZSK</span><span style="font-size: 12.000000pt; font-family: 'CMR12'">) or Key Sign Key (</span><span style="font-size: 12.000000pt; font-family: 'CMTT12'">KSK</span><span style="font-size: 12.000000pt; font-family: 'CMR12'">).
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$flags: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">The flags field of the new key (Either </span><span style="font-size: 12.000000pt; font-family: 'CMTT12'">256 </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">or </span><span style="font-size: 12.000000pt; font-family: 'CMTT12'">257</span><span style="font-size: 12.000000pt; font-family: 'CMR12'">).
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$keyStatus: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Status of the new key (Either SIGN, PUBLISH or NONE).
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$algorithm: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">The key’s algorithm. Either </span><span style="font-size: 12.000000pt; font-family: 'CMTT12'">5 </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">(RSA) or </span><span style="font-size: 12.000000pt; font-family: 'CMTT12'">3 </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">(DSA). By now DNSSHIM
only supports RSA keys.
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$protocol: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">DNSKEY protocol according to RFC 3755. By now must be </span><span style="font-size: 12.000000pt; font-family: 'CMTT12'">3</span><span style="font-size: 12.000000pt; font-family: 'CMR12'">.
</span><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$expirationPeriod: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Validity of the zone’s signatures.</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMR12'">Key removal:</span></p><div><br></div><div>
                
        
        
                <div class="page" title="Page 27">
                        <div class="layoutArea">
                                <div class="column"><p><span style="font-size: 17.000000pt; font-family: 'CMSSBX10'">26 RemoveKey
</span><span style="font-size: 14.000000pt; font-family: 'CMSSBX10'">26.1 Request
</span></p>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'"><?xml version="1.0" encoding="utf-8"?>
<dnsshim version="1.0">
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">  <request>
    <removeKey>
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">      <sessionId>$sessionId</sessionId>
      <zone>$zone</zone>
      <keyName>$key</keyName>
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">    </removeKey>
  </request>
</span></pre><p><span style="font-size: 12.000000pt; font-family: 'CMTT12'"></dnsshim>
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">26.1.1 Parameters
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$sessionId: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Session identification.<br>
</span><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$zone: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Name of the zone.<br>
</span><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$keyName: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">The name of the key.</span></p><div class="page" title="Page 32">
                        <div class="layoutArea">
                                <div class="column"><p><span style="font-size: 17.000000pt; font-family: 'CMSSBX10'">33 SetExpirationPeriod
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMR12'">Sets the validity period of the zone’s signatures.
</span></p>
                                </div>
                        </div>
                </div><p>
                
        
        
                
                </p><div class="page" title="Page 33">
                        <div class="layoutArea">
                                <div class="column"><p><span style="font-size: 14.000000pt; font-family: 'CMSSBX10'">33.1 Request
</span></p>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'"><?xml version="1.0" encoding="utf-8"?>
<dnsshim version="1.0">
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">  <request>
    <setExpirationPeriod>
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">      <sessionId>$sessionId</sessionId>
      <zone>$zone</zone>
      <expirationPeriod>$expiration</expirationPeriod>
</span></pre>
                                        <pre><span style="font-size: 12.000000pt; font-family: 'CMTT12'">    </setExpirationPeriod>
  </request>
</span></pre><p><span style="font-size: 12.000000pt; font-family: 'CMTT12'"></dnsshim>
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">33.1.1 Parameters
</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$sessionId: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Session identification.<br>
</span><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$zone: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Name of the zone.<br>
</span><span style="font-size: 12.000000pt; font-family: 'CMSSBX10'">$expirationPeriod: </span><span style="font-size: 12.000000pt; font-family: 'CMR12'">Validity of the zone’s signatures.</span></p><p><span style="font-size: 12.000000pt; font-family: 'CMR12'"> </span></p>
                                </div>
                        </div>
                </div><p><span style="font-size: 12.000000pt; font-family: 'CMR12'"> </span></p>
                                </div>
                        </div>
                </div></div><p><span style="font-size: 12.000000pt; font-family: 'CMR12'"> </span></p>
                                </div>
                        </div>
                </div><blockquote type="cite"><br>Atomia DNS does not claim to do DNSSEC key management and, anyway, I<br>find nothing about DNSSEC in its documentation (not the list of<br>features, the documentation).<br><br><br></blockquote></div><br><div>Although I’m more familiar with DNSSHIM, Atomia is said to be used by some registrars with a very large number of DNSSEC-signed zones, so I would expect it to have such capabilities… A difference, though, is that while DNSSHIM is more BIND-oriented (it uses BIND-specific signaling to make publishing servers create new zones), Atomia is more PowerDNS-oriented. </div><div><br></div><div>Rubens</div><div><br></div></body></html>
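The NewKey and RemoveKey request bodies quoted above from the DNSSHIM manual, built with the parameter checks a caller would want before sending them; this is an added example, not part of the original message or of DNSSHIM itself. The function names are hypothetical, the 256/ZSK and 257/KSK pairing follows RFC 4034, and the 1024-bit floor is an assumption taken from the manual's suggested size.

```python
import re
import xml.etree.ElementTree as ET

# Added example: function names are hypothetical, not part of DNSSHIM.
FLAGS_FOR_TYPE = {"ZSK": 256, "KSK": 257}  # RFC 4034: 257 sets the SEP bit
KEY_STATUSES = {"SIGN", "PUBLISH", "NONE"}
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def check_zone(zone):
    """Accept only plain DNS names, so markup can never ride in through $zone."""
    labels = (zone[:-1] if zone.endswith(".") else zone).split(".")
    if len(zone) > 254 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid zone name: {zone!r}")
    return zone


def build_request(operation, fields):
    """Wrap fields in the <dnsshim><request><operation> envelope."""
    root = ET.Element("dnsshim", version="1.0")
    op = ET.SubElement(ET.SubElement(root, "request"), operation)
    for tag, value in fields:
        ET.SubElement(op, tag).text = str(value)  # text is escaped on output
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode")


def new_key_request(session_id, zone, key_type, size=1024, status="NONE",
                    flags=None, algorithm=5, protocol=3):
    if key_type not in FLAGS_FOR_TYPE:
        raise ValueError("key type must be ZSK or KSK")
    flags = FLAGS_FOR_TYPE[key_type] if flags is None else flags
    if flags != FLAGS_FOR_TYPE[key_type]:
        raise ValueError(f"flags {flags} do not match key type {key_type}")
    if status not in KEY_STATUSES:
        raise ValueError("status must be SIGN, PUBLISH or NONE")
    if algorithm != 5 or protocol != 3:
        raise ValueError("manual allows only algorithm 5 (RSA) and protocol 3")
    if not isinstance(size, int) or size < 1024:
        raise ValueError("key size below 1024 bits (floor assumed here)")
    return build_request("newKey", [
        ("sessionId", session_id), ("zone", check_zone(zone)), ("size", size),
        ("type", key_type), ("flags", flags), ("status", status),
        ("algorithm", algorithm), ("protocol", protocol)])


def remove_key_request(session_id, zone, key_name):
    fields = [("sessionId", session_id), ("zone", check_zone(zone)), ("keyName", key_name)]
    return build_request("removeKey", fields)
```

How the body is transported to the DNSSHIM server is not covered by the excerpts quoted in this message, so the example stops at producing the XML.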