[patch] SSH host keys in DNS

Wesley Griffin wgriffin at tislabs.com
Tue Jul 10 06:08:10 EST 2001


* mouring at etoh.eviladmin.org <mouring at etoh.eviladmin.org> [07/09/01 15:55]:
> 
> I've not looked at the patches yet, but are you basing this off any RFC?
> I know on the IETF list they talked about this, but I don't remember any
> drafts unless they occurred on the DNS mailing list.
 
I'm the author of the secsh draft on storing host keys in DNS :) There are
no other RFCs about this, either in the secsh or dnsext working groups.
I've been asked to write an implementation draft for the secsh working
group, and I'm thinking it through, now that I have some experience
implementing this...
 
> On Mon, 9 Jul 2001, Wesley Griffin wrote:
> 
> > I've made some changes to the 2.9p2 release code to add support for
> > using DNSSEC lookups to check host keys. I've also made the changes to
> > the OPENBSD_2_9 tree. Both patches are available at
> > ftp://ftp.tislabs.com/pub/fmeshd/ as
> > openssh.[portable,openbsd].patch.20010709
> >
> > I'm really looking for testers at this time. Right now the lookups are
> > done using a getrrsetbyname() function that is part of the BIND9 lwres
> > API. I'm in the process of writing a similar standalone function for the
> > OpenBSD tree.
> >
> > There is a README.DNSSEC file in the directory that has more details.

-- 
Wesley Griffin                                                  NAI Labs
wgriffin at tislabs.com                                     443.259.2388


