[Opendnssec-develop] Config question

sion at nominet.org.uk sion at nominet.org.uk
Tue Aug 4 08:32:26 UTC 2009

> > Should the salt be stored somewhere the auditor can get it?
> > Or should that be the only information lifted from <zone_config.xml>?
> kasp.rnc says:
> - ---
> # The actual salt is generated by the Enforcer
> # Note: the enforcer may decide to store the
> # current salt in the DB and so it could be exported
> # here.
> xsd:string?
> - ---
> Is Enforcer doing this? Then it should just be to parse the kasp.xml

The enforcer doesn't write to the kasp.xml currently; might people monitor
this file for changes to make sure that no-one is altering their policy? Or
even revoke write permissions on it?

If neither of these is an issue then I can change the enforcer.


More information about the Opendnssec-develop mailing list