[dnssec-deployment] Looking for lost generic application/ssl/fingerprint DNS record draft?

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Wed Nov 4 19:45:48 EST 2009


On Wed, Nov 04, 2009 at 10:55:52AM -0800, Wes Hardaker wrote:
> >>>>> On Wed, 04 Nov 2009 16:39:52 +0000, Florian Weimer <fweimer at bfk.de> said:
> 
> FW> RFC 4398.  There's still no chain from DNSSEC to transport or
> FW> application layer crypto, though.
> 
> If everything is signed and you use a validating resolving library (of
> which there are a few) you can get secure bootstrapping into the client.
> We've done this for OpenSSH, for example.

	true that - however Florian is still correct

> -- 
> Wes Hardaker
> SPARTA National Security Sector
> Cobham Analytic Solutions
> 

--bill


