Small issue with DNSSEC / SSHFP
Philip Homburg
pch-openssh at u-1.phicoh.com
Tue Jun 23 23:09:04 AEST 2015
In your letter dated Mon, 22 Jun 2015 17:24:01 -0700 you wrote:
>It's probably of minor importance, since DNS fingerprinting is not the best
>primary mechanism to verify a server's host key fingerprint.
My experience is that my sites do not have any sensible policy of publishing
ssh fingerprints and quite a few admins would quite like to use DNSSEC
validated fingerprints.
More information about the openssh-unix-dev
mailing list