[Opendnssec-develop] engine config for auditing
Jakob Schlyter
jakob at kirei.se
Tue Jul 14 11:00:10 UTC 2009
On 14 jul 2009, at 12.54, Jelte Jansen wrote:
> putting it in zone_config.xml would be most logical (for now i read
> it from zonelist.xml, but it's not a hard change).
logical for whom? not from an auditing/security policy perspective.
when a given policy is set you also - as part of the policy - specify
how it should be audited. so per design, IMHO, that's where the
auditing configuration should be.
> But wasn't automatic auditing one of the hard requirements for alpha?
true. I say we do <audit/> in the kasp for now and let that propate
into the signconf in cases where the signer is asked to requets an
audit. ok?
--
Jakob Schlyter
Kirei AB - http://www.kirei.se/
More information about the Opendnssec-develop
mailing list