[Opendnssec-develop] interface between enforcer and signer
John Dickinson
jad at jadickinson.co.uk
Wed Feb 25 14:21:02 UTC 2009
On 25 Feb 2009, at 09:18, Jakob Schlyter wrote:
> On 24 feb 2009, at 12.13, Rick van Rein wrote:
>
>> There's double information in this setup:
>> 1. <ksk/> versus <zsk/>
>> 2. <flags/> bit 0
>
> no, the flag indicates if a key is a Secure Entry Point, not if it
> is used to sign the DNSKEY RRset (which a KSK does).
>
>> I would not be surprised if we'll need <timestamp/> for more than
>> one thing; perhaps adding a parameter could help. Just a thought.
>> It would certainly give a somewhat stronger suggestion as to its
>> semantics.
>
> yes, I'll look into this.
I suggest that we add an optional description attribute to all the
elements in the KASP xml. The database already has description fields
ready to accept this data and it would be useful in any future GUI. It
should be easy to write a stylesheet to remove this attribute for
those uses that do not require it.
Jakob - I am altering the kasp.xml at the moment to make it consistent
with the draft. I can alter the relax-ng as well.
John
---
John Dickinson
http://www.jadickinson.co.uk
More information about the Opendnssec-develop
mailing list