[Opendnssec-develop] Config question
Rickard Bondesson
rickard.bondesson at iis.se
Tue Aug 4 08:28:40 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> > Should the salt be stored somewhere the auditor can get it?
> > Or should that be the only information lifted from
> <zone_config.xml>?
>
> kasp.rnc says:
> ---
> # The actual salt is generated by the Enforcer # Note: the
> enforcer may decide to store the # current salt in the DB and
> so it could be exported # here.
> xsd:string?
> ---
>
> Is Enforcer doing this? Then it should just be to parse the kasp.xml
But to simplify stuff, then do as Jakob just described. And then the Enforcer do not need to output the salt to kasp.xml and only to the zone configuration as it is doing now.
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSnfxOOCjgaNTdVjaAQhxKAf8CIm4pb+D1ETeJ9wre0vWQDOlEVgc9Bi3
V5bTCGN8tDLf7FW8tlGbp/iEiRJkz4tzPv36Ae5o05MmHAVRsacRwfYUajXcRRdk
2+WHXmqtCi6Q4UAWZBOP0gXunBW1wiyyzFk6z4qXfH16Pf9fDT0S2bBrUsHFvxDL
RSnQcpmQjZBY/RNwXdxWdOXvsCGtU3q6IsAmr4NGWy0BwPNApCrtTjFNnwNQ+Ujb
0fpbjChhdPPjb+ypmHJe/NQDEbzt/309O7zolTuxZpRqLeGSsd2709qUzJ30wNq1
fyNH5gBcX6nDniWKXxn6r17W5z1goKjK47wZGEWVaelRCvhgnMJZfA==
=Xain
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list