Public storage for public keys
Theo Schlossnagle
jesus at omniti.com
Wed Jan 16 07:21:43 EST 2002
On Monday, January 14, 2002, at 08:33 PM, Frank Cusack wrote:
> On Mon, Jan 14, 2002 at 03:24:08PM -0800, Jason Stone wrote:
>> You _could_ use DNSSEC to distribute the keys, and I'm interested in
>> why this ended up being rejected?
>
> I'm not that familiar with dnssec, is it possible for the ssh client to
> know that dns lookups are via dnssec and not "just dns"? If not, this
> sounds like a very bad idea.
>
> If there were a call getkeybyname() and that call only returned success
> if dnssec were used, that might be ok. dunno.

I thought people might be interested in this. One of the guys in my lab
did a project on OpenSSH and DNSSEC integration for exactly this
purpose. It is sound.

http://www.cs.jhu.edu/~claudiu/projects/dnssecssh.html

--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7