[Opendnssec-develop] KSK Rollovers
Ray.Bellis at nominet.org.uk
Fri Jul 3 13:10:58 UTC 2009
> Instead, could KASP or the signer log the information in syslog? If
> this is in the form of an easily identifiable message, the user's
> systems could intercept those messages and automatically generate an
> EPP request to the parent. (Which leads to a definition question:
> should it be KASP or should it be the signer that generates the
> message?)

I'm personally not in favour of using syslog for this sort of thing.
Primarily syslog is designed as a logging mechanism, not as an IPC
mechanism. It's not designed to be 100% secure or reliable (although
newer versions do attempt to address this).

My preference would be for KASP to automatically invoke (end-user
specified) programs as necessary, so that EPP and/or whatever else can be
supplied by third parties.

Alternately use a reliable IPC mechanism (such as a specific named-pipe)
that's dedicated for KASP's use, and not shared with any other part of the
system.

Ray
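
The hook-invocation approach preferred in the message above, as an added example that is not part of the original post or of OpenDNSSEC's code. The function names, the record text, the stand-in hook and the trusted-owner rule are assumptions for illustration; the point shown is the one syslog lacks, a confirmed success or failure for each notification.

```python
import os
import stat
import subprocess

def check_hook(path, trusted_uids=None):
    """Refuse a hook program that another local user could have replaced."""
    trusted = trusted_uids or {0, os.geteuid()}
    if not os.path.isabs(path):
        raise ValueError("hook must be an absolute path")
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("hook is not a regular file")
    if st.st_uid not in trusted:
        raise ValueError("hook is owned by an untrusted user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise ValueError("hook is writable by group or others")

def notify_rollover(argv, record, timeout=30, trusted_uids=None):
    """Hand one record to the hook; return True only if the hook exits 0.

    Unlike a syslog line, the caller learns whether delivery worked and can
    keep the record queued for a retry when it did not.
    """
    check_hook(argv[0], trusted_uids)
    try:
        result = subprocess.run(
            argv,                           # argument list, never a shell string
            input=record.encode(),          # record travels on stdin, not argv
            env={"PATH": "/usr/bin:/bin"},  # minimal environment for the hook
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0

# Constructed sample record; the digest field is a placeholder, not real data.
SAMPLE = "example.com. IN DS 12345 8 2 <constructed-digest>\n"
# Stand-in for a third-party hook: exits 0 only when a DS record arrives.
DEMO_HOOK = ["/bin/sh", "-c",
             'read l; case "$l" in *" DS "*) exit 0;; esac; exit 3']

if __name__ == "__main__":
    sent = notify_rollover(DEMO_HOOK, SAMPLE)
    print("delivered" if sent else "keep queued and retry")
```

A production check would also walk the hook's parent directories, since a directory writable by another user lets the file be swapped after the check.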