[Opendnssec-develop] interface between enforcer and signer

Rick van Rein rick at openfortress.nl
Tue Feb 24 11:32:07 UTC 2009


Hello,

> a set of draft schemas are now available at 
> http://www.opendnssec.se/browser/docs/xml .

In addition to my remarks on the instance files:

kasp / policy / denial / nsec | nsec3
	Strictly speaking, a party could decide to support both.
	For instance while moving away from one and going to the other.
	Similarly, multiple nsec-chains and/or multiple nsec3-chains
	could co-exist.
	Would those setups be represented by different policies?

kasp / zone / policy
	Should a zone not be able to move from one policy to another?
	And as a result, should there not be an old and new policy?


Several of these remarks may turn out to be unfashionable for v1.

One remark is not, and that's the general problem of XML: it only
defines syntax.  Several of my questions relate to semantics, or how
to interpret the values described by the XML syntax.  It could be
very helpful to annotate as much as possible of the intended use
of each data element, either in a separate text or in comments
alongside each element/attribute.  In writing them, please try to
misinterpret the data in as many ways as possible, and try to write
with a clarity that avoids such misinterpretations.  Note that several
of my comments can be ranked as possible mis-interpretations, or in
other words, as calls for such semantics clarifications in text.

I hope .rnc can incorporate such comments, because I like the format
_much_ better than either DTD or XML Schema -- that is, there does not
seem to be a way to read these formats falsely, given a bit of
experience with regexps.  A good find!  What tools do you use to process
RNC files into XML Schema and/or DTD?


Cheers,
 -Rick


