[Opendnssec-develop] relationships between KASP paarameters
Jakob Schlyter
jakob at kirei.se
Wed Mar 11 16:55:18 UTC 2009
On 11 mar 2009, at 16.59, John Dickinson wrote:
> Sion and I are wondering if the Enforecer/libKSM should validate the
> policies. For example there could be a set of rules like:
> - TTLs must be no less than 5 min and no greater than 2 years
> - key lifetime must be at least n * TTLkey where n is some number
> like 5.
> - ...
>
> these are made up examples please don't worry about the exact
> numbers for now :)
>
> Do people think that
> a) the enforcer/libKSM is the place to do this
> b) this should be done at all
> c) this should be left for the GUI/CLI that populates the KASP DB?
> d) this should wait for v2
I think we can do (d) right now and in the future decide if we do it
at all. this could be done by a standalone KASP "Lint" that reads the
policy XML.
jakob
More information about the Opendnssec-develop
mailing list