[Standards] Unsigned DANE records for TLS assertions

Michal 'vorner' Vaner vorner at vorner.cz
Sun Dec 8 14:27:37 UTC 2013


Good morning

On Thu, Dec 05, 2013 at 12:58:18PM +0000, Tony Finch wrote:
> A related example; OpenSSH uses unsigned SSHFP as a hint to the user, but
> does not trust them. So there is a precedent, but it is hard to get a
> human in the loop on s server-to-server connection :-)

Last time I checked, OpenSSH was paranoid so much it used even signed SSHFP only
as a hint to user. I don't know if it changed since, though.

With regards

-- 
All flame and insults will go to /dev/null (if they fit)

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20131208/fa839cc4/attachment.sig>


More information about the Standards mailing list