Public storage for public keys

Frank Cusack fcusack at fcusack.com
Tue Jan 15 12:33:15 EST 2002


On Mon, Jan 14, 2002 at 03:24:08PM -0800, Jason Stone wrote:
> You _could_ use DNSSEC to distribute the keys, and I'm interested in why
> this ended up being rejected?

I'm not that familiar with dnssec, is it possible for the ssh client to
know that dns lookups are via dnssec and not "just dns"?  If not, this
sounds like a very bad idea.

If there were a call getkeybyname() and that call only returned success
if dnssec were used, that might be ok.  dunno.

/fc



More information about the openssh-unix-dev mailing list