[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor resolver DNSSEC RRs



On Tue, Nov 29, 2011 at 6:06 AM,  <tor@xxxxxxxxxxxxxxxxxx> wrote:
> If the SSHFP RR type is added too, people who use OpenSSH with the
> VerifyHostKeyDNS option can benefit from public key verification when
> SSH'ing into a box for the first time, over Tor.

(It's important to note that OpenSSH trusts the AD bit in the DNS
reply. So, using it with Tor's DNS resolver assumes that Tor acts as a
full, validating, DNSSEC resolver. It would likely be more expeditious
to figure out a way have Unbound forward over Tor.)


Cheers

AGL

-- 
Adam Langley agl@xxxxxxxxxxxxxxxxxx http://www.imperialviolet.org
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk