BIND 9 currently supports two major cryptography provider libraries - OpenSSL and PKCS#11.
The PKCS#11 interface is very fragile, as the different vendors implement different parts of the standard, and BIND needs to be compiled with a specific PKCS#11 provider defined at the compile time. This is certainly suboptimal, and we are looking at ways how to improve that.
So, if you are running BIND with PKCS#11 HSM, or you are thinking about such setup, I would be interested to hear answer to couple of questions:
1. What functions of PKCS#11 do you care about?
Background: PKCS#11 as currently used in BIND uses PKCS#11 exclusively for anything related to crypto.
- Getting entropy to seed PRNG
- Message Digests (MD5, SHA-1, SHA-2)
- Symmetric Cryptography (meaning AES)
- Public-Key Cryptography (aka DNSSEC keys)
2. Would you be fine if BIND double linked with OpenSSL and PKCS#11?
Background: if some of the answers to previous question were NO, BIND would have to use OpenSSL as a provider for these functions and it would make the code more slimmer, and easier to test.
3. Would you care if BIND wouldn’t link directly to PKCS#11 library and used
Background: the PKCS#11 is full of #ifdefs, for full picture see lib/isc/include/pk11/site.h, and it doesn’t really make sense to develop the same work-arounds at two different places.
- oh, please no
- yes, this seems reasonable
There are three possible course of actions we might take:
Convert the PKCS#11 usage to OpenSSL PKCS#11 engine. That would save us from most of the headaches with PKCS#11, but it might require some configuration changes for existing deployments.
Convert the non public-key cryptography parts to OpenSSL. This would allow people to keep the DNSSEC private keys inside the HSMs, but all the other crypto would come from OpenSSL. (OpenSSL itself has FIPS 140-2 validation if that means anything to you.)
Keep the status quo
There are some extra options to these three:
A. Improve the PKCS#11 handling to runtime detection of HSM capabilities
B. Support OpenSSL and PKCS#11 DNSSEC keys at the same time, say to store KSKs in PKCS#11 and ZSK on disk…
The A is non-issue for 1., likely to happen with 2., and unlikely to happen with 3.
The B will happen with 1., likely to happen with 2., and impossible to happen with 3.
As usual, the goal is to balance the time we have to spend on improving BIND, and our development resources are limited, so any resources saved by reducing the code we need to maintain would free our hands to do something else (like A or B).
Also please note that this is not going to affect any previously released version of BIND, just future releases.