Re: SSHFP DNS - OS / stub resolvers that deliver "secured" answers ?


 



On Thu, 15 Dec 2022 at 01:36, vom513 <vom513@xxxxxxxxx> wrote:
> However one thing that I’m still trying to wrap my head around is the mechanism under the hood to mark fingerprints as “secure”.

The thing you're looking for is the "Authenticated Data" or AD bit
(RFC3655) in your resolver library.  If your system resolver doesn't
support this, OpenSSH can be built against LDNS (./configure
--with-ldns), which does.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
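
The AD-bit check described in the reply above, as an added example that is not part of the original message and is not OpenSSH's or LDNS's code: it reads the flags word of a raw DNS response header and decides whether an SSHFP answer may be treated as "secure". The names `classify_response`, `sshfp_trust` and the sample headers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Masks for the 16-bit flags word at bytes 2-3 of the DNS header. */
#define DNS_FLAG_QR    0x8000u  /* message is a response */
#define DNS_FLAG_TC    0x0200u  /* response was truncated */
#define DNS_FLAG_AD    0x0020u  /* Authenticated Data */
#define DNS_RCODE_MASK 0x000Fu  /* 0 = NOERROR */

enum sshfp_trust { SSHFP_UNUSABLE = -1, SSHFP_INSECURE = 0, SSHFP_SECURE = 1 };

/* Hypothetical helper: classify a raw DNS response by its 12-byte header.
 * The AD bit is only the resolver's assertion, so SSHFP_SECURE is meaningful
 * only when the path to that resolver is itself trusted. */
enum sshfp_trust classify_response(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < 12)
        return SSHFP_UNUSABLE;              /* shorter than a DNS header */
    uint16_t flags   = (uint16_t)((msg[2] << 8) | msg[3]);
    uint16_t ancount = (uint16_t)((msg[6] << 8) | msg[7]);
    if (!(flags & DNS_FLAG_QR) || (flags & DNS_FLAG_TC))
        return SSHFP_UNUSABLE;              /* not a complete response */
    if ((flags & DNS_RCODE_MASK) != 0 || ancount == 0)
        return SSHFP_INSECURE;              /* error or empty answer */
    return (flags & DNS_FLAG_AD) ? SSHFP_SECURE : SSHFP_INSECURE;
}

/* Constructed sample headers: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT. */
static const uint8_t SAMPLE_VALIDATED[12]   = {0x12,0x34, 0x81,0xA0, 0,1, 0,1, 0,0, 0,0};
static const uint8_t SAMPLE_UNVALIDATED[12] = {0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0};
static const uint8_t SAMPLE_SERVFAIL[12]    = {0x12,0x34, 0x81,0xA2, 0,1, 0,0, 0,0, 0,0};

int main(void)
{
    printf("validated:   %d\n", classify_response(SAMPLE_VALIDATED, 12));
    printf("unvalidated: %d\n", classify_response(SAMPLE_UNVALIDATED, 12));
    printf("servfail:    %d\n", classify_response(SAMPLE_SERVFAIL, 12));
    return 0;
}
```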



