library: dnssec validation (module, APIs, prep)

Idea

wip

Steps

• Fetch/store RRSIGs in the record cache
  • Put this in cache unit test
• Obstacle 1
• Make a generic crypto API for signature verification
  • Look at different crypto backends and assess them (CC @jvcelak)
  • Select a crypto backend and implement verification for it
  • Make a unit test for mock signature verification
• Validate RRSIGs in packet (if required)
  • Start playing with the tests/testdata/test_notimpl DNSSEC tests
• Validate trust chain
  • Obstacle 2
  • Process DS records
  • RFC5011 for root trust anchor management
• Integration tests should pass now

^ fixme @kslany

Milestone removed

Assignee removed

Reassigned to @kslany

Milestone changed to 2015 Q3

RRSIGs are fetched and stored in a separate part of cache that is dedicated to RRSIGs only. The code is still located in a separate branch because tests for this functionality are currently missing.

^ update the issue please and add schedule for NTA

Status changed to closed

More/less works, other defects will be in the respective issues.

mentioned in issue #283 (closed)

mentioned in commit efd14b44

mentioned in commit 16d699e1

mentioned in commit 4a3d7470

mentioned in commit f52231b6