To:
dnssec@cafax.se
cc:
miekg@nlnetlabs.nl
From:
Olaf Kolkman <olaf@ripe.net>
Date:
Tue, 03 Apr 2001 13:53:15 +0200
Delivery-Date:
Wed Apr 4 07:59:50 2001
Sender:
owner-dnssec@cafax.se
Subject:
Tools needed
Hello,
Miek Gieben (Nlnetlabs) and myself have been looking at tools needed
to build a registry. Maybe one of you readers have these tools on the
shelf, it would safe us some work :-).
We would like to have something like
key-id identify_key( Key-RR )
identify_key takes a Key-RR and isolates the key identifier. The bind
signing tools have this functionality build in, they append the key-id
as a comment to key RR in the zone file.
boolean verify-RR ( label and RRset, SIG(RR), KEY)
this function takes a label and a RRset, the signature over that RRset
and the key with which the signature was made and returns a TRUE if the
sig matches the data and FALSE if it does not.
It would be nice if perl interfaces for these functions would exist
and we could feed the functions data 'cut and pasted' from zone files
or dig output.
Talking about perl; anybody knows of DNSSEC modules. ( I have a dream
Net::DNS with dnssec a dnssec verifyer... )
--Olaf
P.S. If people have tools to share I'd be happy to set up a little
repository.
-----------------------------------------------------
Olaf M. Kolkman | RIPE NCC
----------- | ---------------
RIPE NCC | Phone: +31 20 535 4444
Singel 258 | Fax: +31 20 535 4445
1016 AB Amsterdam | http://www.ripe.net
The Netherlands | OKolkman@ripe.net