bugzilla-daemon at mindrot.org
2023-Jul-10 07:03 UTC
[Bug 1672] add local DNSSEC validation
https://bugzilla.mindrot.org/show_bug.cgi?id=1672

--- Comment #8 from pva <peter.volkov at gmail.com> ---
What is the status of this patch? It looks like many people don't realize that without a secure local resolver, SSHFP just hides security under the carpet: instead of a clear one-time 'yes' it makes this 'yes' unattended, yet it's still possible for MITM on local networks, for example, by redirecting DNS and ssh traffic to an attacker's computer.

--
You are receiving this mail because:
You are watching the assignee of the bug.
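An added example, not part of the bug comment or of OpenSSH: a configuration audit that flags the combination the comment describes, SSHFP checking enabled while DNS answers arrive from a resolver that is not on the local host. It assumes that a loopback nameserver stands for the "secure local resolver" (it does not check that the resolver actually validates DNSSEC), that the client settings are supplied as `keyword value` lines such as those printed by `ssh -G`, and that the function names and sample inputs are constructed for illustration.

```python
import ipaddress

def resolv_nameservers(text):
    """Nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False  # unparsable entries are treated as not local

def sshfp_trust_findings(ssh_config_dump, resolv_conf_text):
    """Return (severity, message) tuples for SSHFP use over a non-local resolver."""
    cfg = {}
    for line in ssh_config_dump.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg[key.lower()] = value.strip().lower()
    mode = cfg.get("verifyhostkeydns", "no")
    if mode in ("no", "false"):
        return []  # SSHFP records are not consulted at all
    remote = [s for s in resolv_nameservers(resolv_conf_text) if not is_loopback(s)]
    # "ask" still prompts the user; any other enabled value accepts unattended.
    severity = "warn" if mode == "ask" else "high"
    return [(severity, "verifyhostkeydns=%s but DNS answers come from "
             "non-local resolver %s" % (mode, s)) for s in remote]

# Constructed sample inputs (documentation address range, placeholder host).
SAMPLE_SSH = "hostname example.test\nverifyhostkeydns yes\n"
SAMPLE_RESOLV_REMOTE = "# set by DHCP\nnameserver 192.0.2.53\noptions edns0\n"
SAMPLE_RESOLV_LOCAL = "nameserver 127.0.0.1\nnameserver ::1\n"

if __name__ == "__main__":
    for sev, msg in sshfp_trust_findings(SAMPLE_SSH, SAMPLE_RESOLV_REMOTE):
        print(sev, msg)
```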