Looking for lost generic application/ssl/fingerprint DNS record draft?
Wes Hardaker
hardaker at tislabs.com
Wed Nov 4 13:55:52 EST 2009
>>>>> On Wed, 04 Nov 2009 16:39:52 +0000, Florian Weimer <fweimer at bfk.de> said:
FW> RFC 4398. There's still no chain from DNSSEC to transport or
FW> application layer crypto, though.
If everything is signed and you use a validating resolving library (of
which there are a few) you can get secure bootstrapping into the client.
We've done this for OpenSSH, for example.
--
Wes Hardaker
SPARTA National Security Sector
Cobham Analytic Solutions