kitencx / connectbot

Automatically exported from code.google.com/p/connectbot
Apache License 2.0
0 stars 0 forks source link

Lookup host keys via DNSSEC #74

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
RFC 4255 provides a way to verify host keys via DNSSEC. VeriSign has a nice
suite of DNSSEC tools in Java released under LGPL.

References:
http://www.snailbook.com/docs/dns-fingerprints.txt
http://www.verisignlabs.com/dnssec-tools/

Original issue reported on code.google.com by kenny@the-b.org on 3 Nov 2008 at 8:02

GoogleCodeExporter commented 9 years ago
I consider this a very nice mechanism for securing the "leap of faith" when a 
host is
first encountered.  We systematically put SSHFP RRs into our DNS zone, and our 
zones
are DNSSEC-signed, so this would be immediately useful to me (provided that our 
trust
anchor can be configured somehow).
-- 
Simon.

Original comment by simon.le...@gmail.com on 4 Jan 2009 at 1:34