[Opendnssec-develop] KSK vs ZSK

Olaf Kolkman olaf at NLnetLabs.nl
Fri Mar 6 06:00:26 UTC 2009

On 5 mrt 2009, at 21:17, Olaf Kolkman wrote:

>> <key>
>> 	...
>> 	<sign>keys</sign>
>> 	<sign>denial</sign>
>> 	<sign>data</sign>
>> 	<publish/>
>> </key>

I am not a very experienced XML designer but it occurs to me that you  
would like to design the XML in such a way that most of the checking  
can be done through validating of the schema. I never quite understood  
when to shoot for an attribute or an element but my laymen  
understanding is that when a property is not just "free form" and you  
want to control the properties  that are submitted through your XML  
based protocol or configuration, an attribute makes a bit more sense  
    <!ATTLIST sign type (keys|denial|data) "data">

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 235 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090306/b06d114f/attachment.bin>

More information about the Opendnssec-develop mailing list