[Opendnssec-develop] Fwd: Minutes and Actions from RIPE 66

Matthijs Mekking matthijs at nlnetlabs.nl
Tue May 21 08:15:34 UTC 2013


On 05/21/2013 07:57 AM, Rick van Rein (OpenFortress) wrote:
> Hey Sara and others,
> 
>> The minutes from the developers workshop are also available for
>> review:
> 
> Thanks.
> 
> Textual: Should "a minor version bump (to 1.5) under the new policy"
> be "…under the current policy"?

To my understanding this should indeed read as "under the current policy".

> On the contents: It's a pitty that the version policy doesn't state
> "when the same options are used, the new feature must not lead to
> different behaviour".  Shouldn't that have been part of the
> solution?

We have agreed on that during the meetings. And I agree that we should
such text that to the wiki.


> On the contents of views:  The uniqueness of zone names may well be
> assumed "at a low level in the code", but note that no implications
> follow from it; specifically, I doubt if it is assumed that the
> string represents a DNS zone.  It should be possible to introduce a
> special format that is the functional equivalent of the <zone,view>
> tuple that should replace the zone name string, for instance
> "openfortress.nl at internal" -- all that seems to be required is that
> the signer strips off this "@" part when generating signatures and
> files.  Surrounding tooling should setup such a view in a different
> in/out location, of course.

I was thinking of such an approach too during the Dublin meeting, but it
is just reflecting the pain to some other part. The signer uses the zone
name internally as the zone identifier, it can look up zones by the
string representation of a name, or the domain name itself. The latter
functionality should be adjusted to support views. It is doable, though
it is some more work then expected, and I am not sure about how the
enforcer-ng should be adapted.

Best regards,
  Matthijs

> 
> 
> Thanks, -Rick_______________________________________________ 
> Opendnssec-develop mailing list 
> Opendnssec-develop at lists.opendnssec.org 
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130521/e6848f67/attachment.bin>


More information about the Opendnssec-develop mailing list