IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: WG chair nits on draft-ietf-secsh-dns-02.txt



<wg chair hat off>

An alternate approach which I think is superior is to ensure that the
DNS search path used while resolving SSHFP records comes from a
trusted source (i.e., not from DHCP or PPP/ipcp).

Also, the security of SSHFP records depends on the client being
properly configured as a secure DNS client; exactly what is required
to do this are out of scope for the SSHFP document but some methods
are described in references [4] and [9].

						- Bill





Home | Main Index | Thread Index | Old Index