[Opendnssec-develop] Importing shared keys

Roland van Rijswijk roland.vanrijswijk at surfnet.nl
Wed Jul 21 11:20:00 UTC 2010

Hi Alex,

Alex Dalitz wrote:
> Handling a policy change for a zone is something I'm just about to
> start work on. The auditor (for version 1.2) will see that the policy
> has changed, and suppress errors for cases which have been caused by
> a change in policy.

That sounds like a good way of handling this.

> I'm not sure how we'd handle importing keys which did not obey the
> policy. Some kind of "imported-keys" file to record the keys which
> have been imported, so the auditor can ignore them, possibly?

Possibly. Although I would like to guard against the user having to
specify this explicitly; maybe if an "imported key" flag is there, the
auditor can ignore non-compliance (perhaps generate a warning? "imported
key does not adhere to policy").



-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

More information about the Opendnssec-develop mailing list