Bootstrapping SSH security

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hey,

What is the canonical way that SSH security should be bootsrapped. How
are users expected to know if fingerprint is correct or not?
To me canonical way seems that it's not done, at all, only very very
few use communicate the fingerprints somehow.

Are there reasons why we couldn't out-of-the-package trust on SSHFP
when found with validating DNSSEC?
Those few how have higher security requirements could manually turn it
off. I feel it would be net-gain on security, but I may have missed
some important arguments.

Thanks,
-- 
  ++ytti
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux