[Bug 1745] New: Matching @cert-authority entries when using unqualified hostnames

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Mar 27 10:07:16 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1745

           Summary: Matching @cert-authority entries when using
                    unqualified hostnames
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: imorgan at nas.nasa.gov


When connecting to a server in the same DNS domain using an unqualified
hostname, it can be problematic to find a safe pattern to allow an
@cert-authority record to validate a host certificate.

It would make host certificates much more useful if either the
hostname of the server were canonicalized before matching against the
@cert-authority record, or (as suggested by Damien) the ability to
match against the IP address using CIDR notation were added.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list