[Opendnssec-develop] Signconf.xml and partial auditing
Jakob Schlyter
jakob at kirei.se
Thu Sep 2 05:56:14 UTC 2010
On 1 sep 2010, at 16.28, Alex Dalitz wrote:
> If you define the <Partial> tag in the <Audit> element of signconf.xml (in defiance of the signconf.rnc), then the signer fails. The enforcer does this if it sees <Partial> in the kasp.xml policy.
>
> Has the enforcer always done this? Has the tag ever existed?
The current signconf schema does allow any tags inside <Audit/>. On the other hand, the comments in the schema indicates that the contents of <Audit> are to be taken from the KASP.
jakob
More information about the Opendnssec-develop
mailing list