Re: WG chair nits on draft-ietf-secsh-dns-02.txt

To: ietf-ssh%netbsd.org@localhost
Subject: Re: WG chair nits on draft-ietf-secsh-dns-02.txt
From: Darren J Moffat <Darren.Moffat%Sun.COM@localhost>
Date: Thu, 20 Mar 2003 15:48:38 -0800 (PST)

On Thu, 20 Mar 2003, wes wrote:

> On Thursday, March 20, 2003, at 03:28 PM, Jakob Schlyter wrote:
>
> > On Thu, 20 Mar 2003, Bill Sommerfeld wrote:
> >
> >> An alternate approach which I think is superior is to ensure that the
> >> DNS search path used while resolving SSHFP records comes from a
> >> trusted
> >> source (i.e., not from DHCP or PPP/ipcp).
> >
> > how can the ssh client implementation ensure that?
>
> I don't think the implementation can ensure that. However, the users of
> the client system can ensure that by manually coding a DNS search path
> that doesn't get over-written by DHCP.

I doubt very much that normal users can do any such thing. On most
systems DNS configuration is system wide, not per user.
Most users don't even know what DNS is (and they shouldn't really need to).

The administrator of the system may be able to do what is suggested -
but it depends on the OS and how it deals with DHCP.  It also depends on
what APIs will be available for DNSSEC and/or normal DNS.

Clever users with use of LD_PRELOAD (and its equivalent if it exists) on
UNIX like systems might be able to do what was suggested.

-- 
Darren J Moffat

References:
- Re: WG chair nits on draft-ietf-secsh-dns-02.txt
  - From: wes

Prev by Date: Re: WG chair nits on draft-ietf-secsh-dns-02.txt
Next by Date: Re: WG chair nits on draft-ietf-secsh-dns-02.txt
Previous by Thread: Re: WG chair nits on draft-ietf-secsh-dns-02.txt
Next by Thread: Re: WG chair nits on draft-ietf-secsh-dns-02.txt
Indexes:

Home | Main Index | Thread Index | Old Index