[Opendnssec-develop] Signconf.xml and partial auditing

Jakob Schlyter jakob at kirei.se
Thu Sep 2 05:56:14 UTC 2010


On 1 sep 2010, at 16.28, Alex Dalitz wrote:

> If you define the <Partial> tag in the <Audit> element of signconf.xml (in defiance of the signconf.rnc), then the signer fails. The enforcer does this if it sees <Partial> in the kasp.xml policy.
> 
> Has the enforcer always done this? Has the tag ever existed?

The current signconf schema does allow any tags inside <Audit/>. On the other hand, the comments in the schema indicates that the contents of <Audit> are to be taken from the KASP.

	jakob




More information about the Opendnssec-develop mailing list