<font size=2 face="sans-serif">Hi - </font>
<br>
<br><font size=2 face="sans-serif">Olaf has asked for the auditor to ignore
types it does not support.</font>
<br>
<br><font size=2 face="sans-serif">I've got code which does this (only
changes about 20 lines of code) - but I'm not sure it will definitely work
in all corner cases (e.g. unsigned file has type number, signed file has
type name).</font>
<br>
<br><font size=2 face="sans-serif">Do people think this should be supported?</font>
<br>
<br><font size=2 face="sans-serif">If so, should it go in 1.0 or 1.1?</font>
<br>
<br><font size=2 face="sans-serif">Thanks,</font>
<br>
<br>
<br><font size=2 face="sans-serif">Alex.</font>
<br>
<br><font size=1 color=#800080 face="sans-serif">----- Forwarded by Alex
Dalitz/Nominet on 10/12/2009 09:55 -----</font>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Olaf Kolkman <olaf@NLnetLabs.nl></b>
</font>
<br><font size=1 face="sans-serif">Sent by: opendnssec-develop-bounces@lists.opendnssec.org</font>
<p><font size=1 face="sans-serif">09/12/2009 16:09</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">"OpenDNSSEC" <owner-dnssec-trac@kirei.se></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif">opendnssec-develop@lists.opendnssec.org</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [Opendnssec-develop] Re: [OpenDNSSEC]
#60: Auditor croaks on APL RR</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2><br>
On Dec 9, 2009, at 4:59 PM, OpenDNSSEC wrote:<br>
<br>
> #60: Auditor croaks on APL RR<br>
> ------------------------------+---------------------------------------------<br>
> Reporter: olaf@…
| Owner: alex <br>
> Type: defect
| Status: assigned<br>
> Priority: major |
Component: Auditor <br>
> Version: trunk |
Keywords: <br>
> ------------------------------+---------------------------------------------<br>
> <br>
> Comment(by alex):<br>
> <br>
> I should point out that all types are supported if they are written
in<br>
> RFC3597 unknown type format (e.g. TYPE42, etc.). A quick fix would
be to<br>
> rewrite the APL record as a TYPE42 record.<br>
> <br>
> -<br>
<br>
yes, but no. The reason for the APL being in the format it is was because
of parsing/wire compatibility testing.<br>
<br>
More to the point the underlying request is to make the auditor more resilient
against its library not supporting certain types when the signer library
does support those types.<br>
<br>
I believe that the auditor should in those cases just skip the tests and/or
do some heuristic checks. If it comes to the type bitmap of the NSEC, bad
luck, you cannot check the signature, but you can check signature parameters.
<br>
<br>
The auditor is there to help you, to prevent errors. Not to block you from
getting things done. <br>
Obviously, strong warnings are OK.<br>
<br>
--Olaf<br>
<br>
<br>
________________________________________________________ <br>
<br>
Olaf M. Kolkman
NLnet Labs<br>
Science
Park 140, <br>
</font></tt><a href=http://www.nlnetlabs.nl/><tt><font size=2>http://www.nlnetlabs.nl/</font></tt></a><tt><font size=2>
1098 XG Amsterdam<br>
<br>
_______________________________________________<br>
Opendnssec-develop mailing list<br>
Opendnssec-develop@lists.opendnssec.org<br>
</font></tt><a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop"><tt><font size=2>https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop</font></tt></a><tt><font size=2><br>
</font></tt>