openssh unix dev - Aug 2000 - combining openSSH and DNSSEC

Hi everybody,

in a university project I started building DNSSEC features into the
current release of openSSH.
The openSSH client I modified now authenticates a server through DNSSEC.

I wanted to ask if there are already plans in the openSSH community to
integrate DNSSEC features. 
I really enjoyed working with openSSH and would like to continue my work
and contribute it.

I am about to set up a web page on my project which will contain more
details.

If anybody thinks that my work could be of future use, please let me know!

Stefan

Stefan Mangard wrote:
> The openSSH client I modified now authenticates a server through DNSSEC.
That sounds like an interesting idea, but surely DNSSEC only makes
sure that you get the authentic IP address?  If the connection is
hijacked later on, you are no better off.

Personally I am very interested in playing with different ways of
doing authentication...

-- 
Pete

> That sounds like an interesting idea, but surely DNSSEC only makes
> sure that you get the authentic IP address?  If the connection is
> hijacked later on, you are no better off.
Actually I am going one step further. I also use the DNS features to
distribute the public host keys. 
The DNS server signs the host keys of all machines in a network. 
Therefore not only the IP is authenticated, but also the host itself.
The DNS server acts as a kind of key distribution server.
The advantage compared to the standard system lies in the fact that it is
only necessary to have the public key of the DNS server, which is used for
signing and not for each host of the network.

A page with all details will be online from tomorrow on. There will be a
link on the page:

http://www.cs.jhu.edu/hisl

The project name is LADON.
> Personally I am very interested in playing with different ways of
> doing authentication...
Me too ;-)

Stefan

-- 
Sent through GMX FreeMail - http://www.gmx.net