[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor resolver DNSSEC RRs

On 11/29/2011 06:35 AM, Adam Langley wrote:
> On Tue, Nov 29, 2011 at 6:06 AM,  <tor@xxxxxxxxxxxxxxxxxx> wrote:
>> If the SSHFP RR type is added too, people who use OpenSSH with the
>> VerifyHostKeyDNS option can benefit from public key verification when
>> SSH'ing into a box for the first time, over Tor.
> (It's important to note that OpenSSH trusts the AD bit in the DNS
> reply. So, using it with Tor's DNS resolver assumes that Tor acts as a
> full, validating, DNSSEC resolver. It would likely be more expeditious
> to figure out a way have Unbound forward over Tor.)

That's something that I've started to work on with letoams and there's a
bit of progress here:


All the best,
tor-talk mailing list