[Opendnssec-develop] interface between enforcer and signer

John Dickinson jad at jadickinson.co.uk
Wed Feb 25 14:21:02 UTC 2009

On 25 Feb 2009, at 09:18, Jakob Schlyter wrote:

> On 24 feb 2009, at 12.13, Rick van Rein wrote:
>> There's double information in this setup:
>> 1. <ksk/> versus <zsk/>
>> 2. <flags/> bit 0
> no, the flag indicates if a key is a Secure Entry Point, not if it  
> is used to sign the DNSKEY RRset (which a KSK does).
>> I would not be surprised if we'll need <timestamp/> for more than
>> one thing; perhaps adding a parameter could help.  Just a thought.
>> It would certainly give a somewhat stronger suggestion as to its
>> semantics.
> yes, I'll look into this.

I suggest that we add an optional description attribute to all the  
elements in the KASP xml. The database already has description fields  
ready to accept this data and it would be useful in any future GUI. It  
should be easy to write a stylesheet to remove this attribute for  
those uses that do not require it.

Jakob - I am altering the kasp.xml at the moment to make it consistent  
with the draft. I can alter the relax-ng as well.

John Dickinson

More information about the Opendnssec-develop mailing list