DSA Fingerprints...

[Darren Moffat]

>	Last question...  Given SecureDNS as a predicate (ok...  Oxymoron
>with most of the DNS out there, but I have several in several zones.) and
>given that we can publish keys in the DNS, can OpenSSH use them to validate
>the host keys?  I can do with with FreeS/WAN (Linux IPSec) where I specify
>to use the host public key from DNS, I was just wondering if that is
>possible or planned for SSH as well.  For zones under my total control,
>that simplifies my host key management immensely (which is a point in
>the KS paper).

Currently under discussion in the IETF working group just now as

draft-griffin-ssh-host-keys-in-dns-00.txt

Got to www.ietf.org to get a copy of the text

--
Darren J Moffat