[Opendnssec-develop] KASP Auditor Requirements
Stephen.Morris at nominet.org.uk
Stephen.Morris at nominet.org.uk
Fri Apr 24 10:20:57 UTC 2009
Jakob Schlyter <jakob at kirei.se> wrote on 23/04/2009 15:30:28:
> I believe the KA should be able to read the policy and zonelist XML
> blobs, right?
I wasn't quite certain how these were specified so I merely stated that
"It must be possible to specify the zone or zones for which the KA is to
perform checks" and 'It must be possible to specify the policy information
used to sign the data".
Of course, it retrieves this information from the XML passed to the
signer, the auditor is only checking the signer. If it retrieves the
information from the original policy source, it is checking the entire
system. I am guessing that the former will be easier to do, although the
latter is preferable.
Stephen
More information about the Opendnssec-develop
mailing list