IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: WG chair nits on draft-ietf-secsh-dns-02.txt



> > An alternate approach which I think is superior is to ensure that the
> > DNS search path used while resolving SSHFP records comes from a trusted
> > source (i.e., not from DHCP or PPP/ipcp).
> 
> how can the ssh client implementation ensure that?

The ssh client can't, but a system containing an ssh client could.

Security considerations are not just for subsystem implementors;
they're also for the users..

					- Bill



Home | Main Index | Thread Index | Old Index