[Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r6206 - trunk/OpenDNSSEC/conf

jakob at kirei.se jakob at kirei.se
Tue Mar 13 13:56:10 CET 2012


Author: jakob
Date: 2012-03-13 13:56:10 +0100 (Tue, 13 Mar 2012)
New Revision: 6206

Modified:
   trunk/OpenDNSSEC/conf/kasp.xml.in
Log:
OPENDNSSEC-9: add draft KASP lab policy


Modified: trunk/OpenDNSSEC/conf/kasp.xml.in
===================================================================
--- trunk/OpenDNSSEC/conf/kasp.xml.in	2012-03-12 10:32:06 UTC (rev 6205)
+++ trunk/OpenDNSSEC/conf/kasp.xml.in	2012-03-13 12:56:10 UTC (rev 6206)
@@ -85,5 +85,67 @@
 		</Parent>
 
 	</Policy>
-	
+
+	<Policy name="lab">
+		<Description>Quick turnaround policy for lab work</Description>
+		<Signatures>
+			<Resign>PT10M</Resign>
+			<Refresh>PT30M</Refresh>
+			<Validity>
+				<Default>PT1H</Default>
+				<Denial>PT1H</Denial>
+			</Validity>
+			<Jitter>PT1M</Jitter>
+			<InceptionOffset>PT3600S</InceptionOffset>
+		</Signatures>
+
+		<Denial>
+			<NSEC/>
+		</Denial>
+
+		<Keys>
+			<!-- Parameters for both KSK and ZSK -->
+			<TTL>PT300S</TTL>
+			<RetireSafety>PT360S</RetireSafety>
+			<PublishSafety>PT360S</PublishSafety>
+			<!-- <ShareKeys/> -->
+			<Purge>P14D</Purge>
+
+			<!-- Parameters for KSK only -->
+			<KSK>
+				<Algorithm length="2048">8</Algorithm>
+				<Lifetime>P1Y</Lifetime>
+				<Repository>SoftHSM</Repository>
+			</KSK>
+
+			<!-- Parameters for ZSK only -->
+			<ZSK>
+				<Algorithm length="1024">8</Algorithm>
+				<Lifetime>PT4H</Lifetime>
+				<Repository>SoftHSM</Repository>
+				<!-- <ManualRollover/> -->
+			</ZSK>
+		</Keys>
+
+		<Zone>
+			<PropagationDelay>PT300S</PropagationDelay>
+			<SOA>
+				<TTL>PT300S</TTL>
+				<Minimum>PT300S</Minimum>
+				<Serial>unixtime</Serial>
+			</SOA>
+		</Zone>
+
+		<Parent>
+			<PropagationDelay>PT9999S</PropagationDelay>
+			<DS>
+				<TTL>PT3600S</TTL>
+			</DS>
+			<SOA>
+				<TTL>PT172800S</TTL>
+				<Minimum>PT10800S</Minimum>
+			</SOA>
+		</Parent>
+
+	</Policy>	
 </KASP>




More information about the Opendnssec-commits mailing list