[Opendnssec-develop] Signer Testplan: first try

Rick van Rein rick at openfortress.nl
Wed Apr 8 20:23:02 UTC 2009

Hello Matthijs and Jelte,

Thank you for this testing document.  Here are some remarks I have.

Tests 7 and 20:
	Textual only: These numbers occur more than once.
	You may want to check out \newcounter, \addtocounter, \usecounter

Tests 3 and 7#2:
	I don't like the idea of being liberal where semantics are
	concerned.  If you are proposing to tolerate semantical mistakes,
	I would be tempted to vote against that.  Maybe I just need to know
	what semantics you would be willing to interpret, and inhowfar.
	As a general rule, the security implications of systems that
	interpret my intentions "oh you MUST have meant to say X" gives
	me the creeps.  I'd much rather have a clear error message and a
	total bail-out.

Test 8:
	Language only: The words resign and re-sign have different meaning
	in the English language.  You meant to say re-sign, I think.

Test 12:
	If I got the informal drift of what jitter means, I think this test
	is overlooking slave duplication times and cache keeping times.
	It is a matter of discussion whether this suffices for the first
	version.  If OpenDNSSEC is to actually become a product, it should
	allow for the time for the signed data to go live, meaning that
	the slave and cache delays should be taken into account in this

Test 13:
	I don't understand what this is about.

I hope this is useful,


More information about the Opendnssec-develop mailing list