[Opendnssec-develop] Signer Testplan: first try
Rick van Rein
rick at openfortress.nl
Wed Apr 8 20:23:02 UTC 2009
Hello Matthijs and Jelte,
Thank you for this testing document. Here are some remarks I have.
Tests 7 and 20:
Textual only: These numbers occur more than once.
You may want to check out \newcounter, \addtocounter, \usecounter
Tests 3 and 7#2:
I don't like the idea of being liberal where semantics are
concerned. If you are proposing to tolerate semantical mistakes,
I would be tempted to vote against that. Maybe I just need to know
what semantics you would be willing to interpret, and inhowfar.
As a general rule, the security implications of systems that
interpret my intentions "oh you MUST have meant to say X" gives
me the creeps. I'd much rather have a clear error message and a
total bail-out.
Test 8:
Language only: The words resign and re-sign have different meaning
in the English language. You meant to say re-sign, I think.
Test 12:
If I got the informal drift of what jitter means, I think this test
is overlooking slave duplication times and cache keeping times.
It is a matter of discussion whether this suffices for the first
version. If OpenDNSSEC is to actually become a product, it should
allow for the time for the signed data to go live, meaning that
the slave and cache delays should be taken into account in this
calculation.
Test 13:
I don't understand what this is about.
I hope this is useful,
Cheers,
-Rick
More information about the Opendnssec-develop
mailing list