[Opendnssec-develop] KASP Auditor Requirements

Stephen.Morris at nominet.org.uk Stephen.Morris at nominet.org.uk
Fri Apr 24 10:20:57 UTC 2009


Jakob Schlyter <jakob at kirei.se> wrote on 23/04/2009 15:30:28:


> I believe the KA should be able to read the policy and zonelist XML 
> blobs, right?

I wasn't quite certain how these were specified so I merely stated that 
"It must be possible to specify the zone or zones for which the KA is to 
perform checks" and 'It must be possible to specify the policy information 
used to sign the data".

Of course, it retrieves this information from the XML passed to the 
signer, the auditor is only checking the signer.  If it retrieves the 
information from the original policy source, it is checking the entire 
system.  I am guessing that the former will be easier to do, although the 
latter is preferable.

Stephen



More information about the Opendnssec-develop mailing list