[Bug 2119] SSHFP with DNSSEC – no trust anchors given, validation always fails

bugzilla-daemon at bugzilla.mindrot.org
Fri May 25 15:06:16 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2119

--- Comment #6 from Mantas M. <grawity at gmail.com> ---
(In reply to Damien Miller from comment #5)
> Are these trusted-key.key files a standard or documented somewhere?

The location isn't quite standard, just a BIND9 default. The *format*
is the same as "zonefile" format for DNSKEY or DS records (so ldns
already has a parser for those).

The sad part is, ldns already allows the path to be set at compile time
and Arch even compiles it with
"--with-trust-anchor=/etc/trusted-key.key"... but it only applies to
CLI tools like `drill`, and not the library itself.
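
Added example, not part of the comment above and not ldns or OpenSSH code: a reader for a trust-anchor file in the zone-file DNSKEY/DS format the comment describes, reporting each anchor's key tag so a missing or malformed anchor is caught before validation is attempted. The sample file and its key are constructed; `parse_anchors` and `key_tag` are hypothetical names, and TTLs with unit suffixes are assumed not to occur.

```python
import base64
import struct

# Constructed sample in zone-file presentation format (not a real key).
SAMPLE = """\
; constructed trust-anchor file
.  172800  IN  DNSKEY  257 3 8 ( AQID
                                 BA== ) ; key split across lines
example.  IN  DS  2063 8 2 00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF
"""

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA, per RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def parse_anchors(text: str) -> list:
    """Return one dict per DNSKEY/DS record; ValueError on anything else."""
    anchors, pending, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]  # drop comments
        depth += line.count("(") - line.count(")")
        pending += line.replace("(", " ").replace(")", " ").split()
        if depth > 0 or not pending:
            continue  # blank line, or record continues inside parentheses
        owner, *rest = pending
        pending = []
        # TTL and class are optional and may come in either order
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest = rest[1:]
        if len(rest) < 5:
            raise ValueError(f"incomplete record near: {raw!r}")
        rtype, data = rest[0].upper(), "".join(rest[4:])
        a, b, c = (int(x) for x in rest[1:4])  # the three numeric RDATA fields
        if rtype == "DNSKEY":  # a=flags, b=protocol, c=algorithm, data=base64 key
            rdata = struct.pack("!HBB", a, b, c) + base64.b64decode(data, validate=True)
            anchors.append({"owner": owner, "type": rtype, "algorithm": c,
                            "key_tag": key_tag(rdata), "sep": bool(a & 1)})
        elif rtype == "DS":  # a=key tag, b=algorithm, c=digest type, data=hex digest
            anchors.append({"owner": owner, "type": rtype, "algorithm": b,
                            "key_tag": a, "digest_type": c,
                            "digest": bytes.fromhex(data)})
        else:
            raise ValueError(f"not a DNSKEY or DS record: {raw!r}")
    return anchors
```

An empty result from `parse_anchors` corresponds to the situation in the bug title: no trust anchors, so validation cannot succeed.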
