IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: draft-ietf-secsh-dns-01.txt Fingerprint digest alg



On Thu, 7 Nov 2002 jon%siliconcircus.com@localhost wrote:

> Wouldn't backwards compatibility be better served by requiring SHA1 and
> additionally recommending MD5 be provided?

there is nothing to be backwards compatible with since sshfp isn't yet
deployed.

users will not verify the fingerprints distributed with sshfp themselves,
their software will. why? since without dnssec validation, sshfp is
practically useless and verifying the dnssec signature of the sshfp
manually isn't doable.

	jakob

-- 
Jakob Schlyter <jakob%crt.se@localhost>                Network Analyst
Phone:  +46 31 701 42 13, +46 70 595 07 94   Carlstedt Research & Technology




Home | Main Index | Thread Index | Old Index