| Shock Jiang | 0b165f4 | 2014-10-24 09:08:09 -0700 | [diff] [blame] | 1 | rule |
| 2 | { | ||||
| 3 | id "NDNS Validator" | ||||
| 4 | for data | ||||
| 5 | checker | ||||
| 6 | { | ||||
| 7 | type customized | ||||
| 8 | sig-type rsa-sha256 | ||||
| 9 | key-locator | ||||
| 10 | { | ||||
| 11 | type name | ||||
| 12 | hyper-relation | ||||
| 13 | { | ||||
| 14 | k-regex ^(<>*)<KEY>(<>*)<><ID-CERT>$ | ||||
| 15 | k-expand \\1\\2 | ||||
| 16 | h-relation @RELATION@ ; data is only allowed to be signed by the zone key | ||||
| 17 | p-regex ^(<>*)[<KEY><NDNS>](<>*)<><>$ | ||||
| 18 | p-expand \\1\\2 | ||||
| 19 | } | ||||
| 20 | } | ||||
| 21 | } | ||||
| 22 | } | ||||
| 23 | |||||
| 24 | trust-anchor | ||||
| 25 | { | ||||
| 26 | type file | ||||
| 27 | file-name @ANCHORPATH@ | ||||
| 28 | } | ||||