[Unbound-users] root key format
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Tue May 15 08:37:14 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Paul,
On 05/09/2012 07:59 PM, Paul Wouters wrote:
> On Wed, 9 May 2012, Jan-Piet Mens wrote:
>
>>> I would like to ship 1 file format that can be used for both.
>>> Am I overlooking something?
>>
>> The rdata portion is identical in both cases, so you could ship
>> that and "build" the format you need upon initializing your
>> application. Would that work?
>
> Ideally, I would like to ship one format of the root key, usuable
> by any application, not just unbound. I had hoped that the format
> everyone would decide on was the trusted-key statement in bind
> syntax.
>
> I'm trying to avoid shipping the root key in various tools and
> applications.
>
> With respect to unbound, it would be nice if the daemon and the
> library could settle on 1 format to use.
int ub_ctx_trustedkeys(struct ub_ctx* ctx, char* fname);
This loads bind-style trusted keys from the libunbound library.
I would prefer the 'auto-trust-anchor-file' format, which is not
usable by bind, but it supports RFC5011.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJPshW6AAoJEJ9vHC1+BF+Nep0P/1+tJypFn1vvmOLS4UZwjtUC
HGcreanknfiRl6/jdj8DJA5E+QMrPpf/iPJobJ+LEyN17bDmEbZeQA4BtOPdpwck
l4TCp6r7aIpLEybDzsU+oYl5Jz1eiJamZW44KQFAKhWDloACKK0v8jcFcowHb+9/
NlOwXJ8UEWmQPHDUapmf3/Ejln0+9t3AYXf9QVIu4iOkwJ+C4TMGi3sDTpcoUDe2
0LTi4UM9NUj0suLdMySfwQ68JRnk2306m2zQ9uKdDh7IwRh3ntVT6S+OpUC6b30X
49OCyClAJj8pP2KroTLkzUTX2F2QcBkxly6wlDyMSMTMWWAMEbyCkM7z2WLtKGat
o4kOMVl1VoktKvwoi1vOxnecVbz34Y7kdAXK0a8LVqrE0fsDLbf4nkQZKBySN64B
dUO3mp1a/Vd//VZmsynld6jrUAa3faDwIbxRpL+bzCs4jsaJ2m//a14X2c6vxw4I
lXyMjC3Sa5wM4gX2NRfiN9KNPTNo39l8Y4I2NXXOidb+hASX5kZDkbKnvkPz8pEy
fI13I/xJV96qdfmCE8sIzTo1sccxN6dlyml//53oq8h4IVeu3Yp7uAAymiLgU/iS
HjXp2VtQ6ZNlO+V2fErin8Xj862tSdHh6UhipZ8MirNklMcvQcAIn/sUnAtgjSkr
Fuw2f1T6lsjvki5wD+RS
=6q4X
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list