djm at mindrot.org
Thu May 19 07:49:41 EST 2005
Carson Gaspar wrote:
> The real solution is to stop using known_hosts files. There are some
> patches floating around that do this for X.509 certs, and it's possible
> with GSSAPI already (I think...). It would be really nice to get LDAP or
> DNSSEC support, but I don't think there are current patches for either.
DNSSEC support has been in OpenSSH for around two years.
More information about the openssh-unix-dev