[Bug 2217] Allow using _ssh SVCB records

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Nov 14 00:03:27 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=2217

--- Comment #4 from Jeremy Saklad <stadium-cyclops.0i at icloud.com> ---
I agree that SVCB is the way to go in the future. One nuance: in
keeping with
<https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-dane/>, I think
SSHFP records should be requested for the target server, and only used
if the SVCB records are also secured with DNSSEC.

SSHFP records could also be designated for automatic retrieval similar
to A/AAAA records, with the support of resolvers.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list