Yegor Ievlev wrote: > > I think it's a very bad idea to have the client start treating foreign > > network input as equivalent to local configuration. > > Well, SSHFP is supposed to only be used on DNSSEC-enabled domains. To the client it's still foreign input, even though it's signed by (best case) the remote site DNS administrator. //Peter _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev