[Bug 2119] SSHFP with DNSSEC – no trust anchors given, validation always fails
bugzilla-daemon at bugzilla.mindrot.org
Fri May 25 15:06:16 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2119
--- Comment #6 from Mantas M. <grawity at gmail.com> ---
(In reply to Damien Miller from comment #5)
> Are these trusted-key.key files a standard or documented somewhere?
The location isn't quite standard, just a BIND9 default. The *format*
is the same as "zonefile" format for DNSKEY or DS records (so ldns
already has a parser for those).
The sad part is, ldns already allows the path to be set at compile time
and Arch even compiles it with
"--with-trust-anchor=/etc/trusted-key.key"... but it only applies to
CLI tools like `drill`, and not the library itself.
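Comment #6 says the trust-anchor file uses the zone-file presentation format for DNSKEY or DS records. The following is an added example, not code from ldns, OpenSSH or this bug thread: a Python parser for such a file that also computes the RFC 4034 key tag of each DNSKEY so it can be matched against a DS anchor. The function names and the sample records are constructed, and it assumes every record carries an explicit owner name.

```python
import base64
import struct

def key_tag(flags, protocol, algorithm, key):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_trust_anchors(text):
    """Return one dict per DNSKEY or DS record found in zone-file text."""
    records, pending, depth = [], [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # drop zone-file comments
        depth += line.count("(") - line.count(")")
        pending += line.replace("(", " ").replace(")", " ").split()
        if depth <= 0 and pending:  # record complete once parentheses close
            records.append(pending)
            pending, depth = [], 0
    if pending:
        raise ValueError("unbalanced parentheses in trust anchor file")
    anchors = []
    for fields in records:
        owner, rest = fields[0], fields[1:]
        # Optional TTL and class may precede the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 5:
            raise ValueError("truncated record for " + owner)
        rtype = rest[0].upper()
        a, b, c = (int(x) for x in rest[1:4])
        data = "".join(rest[4:])  # key or digest may be split by whitespace
        if rtype == "DNSKEY":  # fields: flags, protocol, algorithm, base64 key
            key = base64.b64decode(data, validate=True)
            anchors.append({"owner": owner, "type": rtype, "algorithm": c,
                            "key_tag": key_tag(a, b, c, key), "sep": bool(a & 1)})
        elif rtype == "DS":  # fields: key tag, algorithm, digest type, hex digest
            anchors.append({"owner": owner, "type": rtype, "algorithm": b,
                            "key_tag": a, "digest": bytes.fromhex(data)})
        else:
            raise ValueError("not a trust anchor record type: " + rtype)
    return anchors

# Constructed sample file contents (not real keys or digests).
SAMPLE = """\
; constructed trust anchors for illustration
. 172800 IN DNSKEY 257 3 8 AQID
example. IN DS 2059 8 2 (
    00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff )
"""
```
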