[Opendnssec-develop] relationships between KASP paarameters

Jakob Schlyter jakob at kirei.se
Wed Mar 11 16:55:18 UTC 2009

On 11 mar 2009, at 16.59, John Dickinson wrote:

> Sion and I are wondering if the Enforecer/libKSM should validate the  
> policies. For example there could be a set of rules like:
> - TTLs must be no less than 5 min and no greater than 2 years
> - key lifetime must be at least n * TTLkey where n is some number  
> like 5.
> - ...
> these are made up examples please don't worry about the exact  
> numbers for now :)
> Do people think that
> a) the enforcer/libKSM is the place to do this
> b) this should be done at all
> c) this should be left for the GUI/CLI that populates the KASP DB?
> d) this should wait for v2

I think we can do (d) right now and in the future decide if we do it  
at all. this could be done by a standalone KASP "Lint" that reads the  
policy XML.


More information about the Opendnssec-develop mailing list