To:
dnssec@cafax.se
cc:
miekg@nlnetlabs.nl
From:
Olaf Kolkman <olaf@ripe.net>
Date:
Tue, 03 Apr 2001 13:53:15 +0200
Delivery-Date:
Wed Apr 4 07:59:50 2001
Sender:
owner-dnssec@cafax.se
Subject:
Tools needed
Hello, Miek Gieben (Nlnetlabs) and myself have been looking at tools needed to build a registry. Maybe one of you readers have these tools on the shelf, it would safe us some work :-). We would like to have something like key-id identify_key( Key-RR ) identify_key takes a Key-RR and isolates the key identifier. The bind signing tools have this functionality build in, they append the key-id as a comment to key RR in the zone file. boolean verify-RR ( label and RRset, SIG(RR), KEY) this function takes a label and a RRset, the signature over that RRset and the key with which the signature was made and returns a TRUE if the sig matches the data and FALSE if it does not. It would be nice if perl interfaces for these functions would exist and we could feed the functions data 'cut and pasted' from zone files or dig output. Talking about perl; anybody knows of DNSSEC modules. ( I have a dream Net::DNS with dnssec a dnssec verifyer... ) --Olaf P.S. If people have tools to share I'd be happy to set up a little repository. ----------------------------------------------------- Olaf M. Kolkman | RIPE NCC ----------- | --------------- RIPE NCC | Phone: +31 20 535 4444 Singel 258 | Fax: +31 20 535 4445 1016 AB Amsterdam | http://www.ripe.net The Netherlands | OKolkman@ripe.net