[Opendnssec-develop] interface between enforcer and signer

Jelte Jansen jelte at NLnetLabs.nl
Wed Feb 25 09:33:14 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 
> There is only the current, to be used from now on policy. The signer
> must ensure that existing signatures and nsec chains don't break while
> implementing the current policy no matter how different the current
> policy is from the one moments before. I will admit this may be
> ambitious - Jelte does this scare you? Do we need any additional info?
> 

Yes it scares me, but so do a lot of the things we are trying to build here.

I'm not sure whether we need additional info yet. I'm also not sure whether we
shouldn't define specific ways in which policies must change and let the kasp
'roll' those from current to new with multiple steps if needed. But i don't
think so, at the moment.

Jelte

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmlEFoACgkQ4nZCKsdOncWswQCdFJKTAJTfjIli9m9F3W1PnZFs
QX8An02vtCimgOVRx1bGQX8RsNFl3IwU
=wWhT
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list