Displaying 2 results from an estimated 2 matches for "shambarger".
Did you mean:
hamburger
2013 Jun 09
7
[Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2119
Bug ID: 2119
Summary: SSHFP with DNSSEC ? no trust anchors given, validation
always fails
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2015 Dec 11
4
[Bug 2516] New: ssh client shouldn't trust the DNS AD bit blindly
...Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: scott-mindrot at shambarger.net
I've been working on getting DNSSEC local validation working on OSX
with ldns (see bug 2119), and I see that the code for libresolv and
libldns both trust the AD bit in DNS responses for the SSHFP by
default.
>From RFC 4035 section 4.6,
A resolver MUST disregard the meaning of the C...