Re: sshfp records
On 23/01/13 16:59, Bob Proulx wrote:
> Brad Alexander wrote:
>> > Rookie mistake from messing with this too late at night. Apparently it
>> > only works with fully qualified domain names (therefore working more
>> > like dig than host):
> I wouldn't call that a rookie mistake. It seems like a missing
> feature that it doesn't map through to the dns name of the host. That
> just seems like it is missing some maturity in this brand new
> feature. (I haven't used the feature yet. Thank you for motivating
> me to look at it at least a little bit.)
>
It looks like that's been considered and possibly rejected, due to the
difficulty of remaining secure through the domain searches etc - you
have to rely on the order of the domains in resolv.conf to get the right
one, for starters.
This thread is interesting:
http://www.gossamer-threads.com/lists/openssh/dev/50638?do=post_view_threaded#50638
Richard
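
An added illustration, not part of the original thread and not OpenSSH code: it models glibc-style search-list expansion to show how the same short host name lands on a different FQDN, and so on a different set of SSHFP records, depending only on the order of the search domains in resolv.conf. The zone names and resolv.conf contents are constructed sample data.

```python
# Added illustration: glibc-style search-list expansion of a host name.
# The resolv.conf text and zone contents below are constructed sample data.

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]          # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots):
    """Names the stub resolver would query, in order."""
    if name.endswith("."):               # rooted name: no search list applied
        return [name]
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    absolute = name + "."
    if name.count(".") >= ndots:         # "enough" dots: try as-is first
        return [absolute] + expanded
    return expanded + [absolute]

def first_match(name, resolv_text, existing):
    """First candidate that exists in `existing` (a set of FQDNs), or None."""
    search, ndots = parse_resolv_conf(resolv_text)
    for fqdn in candidates(name, search, ndots):
        if fqdn in existing:
            return fqdn
    return None

# Constructed example: the same short name exists in two zones.
ZONES = {"build.lab.example.", "build.corp.example."}
RESOLV_A = "search corp.example lab.example\noptions ndots:1\n"
RESOLV_B = "search lab.example corp.example\noptions ndots:1\n"

if __name__ == "__main__":
    for label, conf in (("A", RESOLV_A), ("B", RESOLV_B)):
        print(label, "build ->", first_match("build", conf, ZONES))
    print("FQDN ->", first_match("build.corp.example.", RESOLV_B, ZONES))
```

Only the rooted FQDN gives the same answer under both configurations, which is the property a host key lookup needs.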