|Subject:||Make the "verify" operation chose the key to use for verification internally|
Hi. I'd like for the "verify" function in RRSIG.pm to accept, as the second $keyrr parameter, instead an array of Net::DNS::RR:DNSKEY's, and then pick the appropriate key using keytag selection. See the verify docs to see more what I mean:One complication may be that comparing keytag's may not be sufficient in deciding which key to use. If more than one key has the same keytag, you'll likely have to attempt verification with both, and use the results from the one where verification succeeded (if any). Perhaps by perl magic it is possible to support both a scalar and array parameter, so you don't have to break the "verify" function API. Btw, pending this functionality, I have made a simple workaround inside DNSSEC Walker: Solving this inside the "verify" operation, especially for keytag collisions, appear better though. Thanks!