[Opendnssec-develop] ods-kaspcheck requirements

Rickard Bellgrim rickard at opendnssec.org
Wed Dec 7 08:54:27 UTC 2011

> They seem sensible on a quick look through; if anyone would like to comment
> on them, or update them, now would be a good time ;) .

I have added some more information on the key size checks:

The key strength should be checked for sanity
- warn if less than 1024 or error if more than 4096. Only do this check for RSA.

We should error if the key size is larger than 4096, because that is
not supported in DNSSEC. And this only apply to RSA.

More information about the Opendnssec-develop mailing list