[Opendnssec-develop] engine config for auditing

Jakob Schlyter jakob at kirei.se
Tue Jul 14 11:00:10 UTC 2009


On 14 jul 2009, at 12.54, Jelte Jansen wrote:

> putting it in zone_config.xml would be most logical (for now i read  
> it from zonelist.xml, but it's not a hard change).

logical for whom? not from an auditing/security policy perspective.  
when a given policy is set you also - as part of the policy - specify  
how it should be audited. so per design, IMHO, that's where the  
auditing configuration should be.

> But wasn't automatic auditing one of the hard requirements for alpha?

true. I say we do <audit/> in the kasp for now and let that propate  
into the signconf in cases where the signer is asked to requets an  
audit. ok?

--
Jakob Schlyter
Kirei AB - http://www.kirei.se/




More information about the Opendnssec-develop mailing list