[tor-talk] Tor resolver DNSSEC RRs

Adam Langley agl at imperialviolet.org
Tue Nov 29 14:35:04 UTC 2011


On Tue, Nov 29, 2011 at 6:06 AM,  <tor at lists.grepular.com> wrote:
> If the SSHFP RR type is added too, people who use OpenSSH with the
> VerifyHostKeyDNS option can benefit from public key verification when
> SSH'ing into a box for the first time, over Tor.

(It's important to note that OpenSSH trusts the AD bit in the DNS
reply. So, using it with Tor's DNS resolver assumes that Tor acts as a
full, validating, DNSSEC resolver. It would likely be more expeditious
to figure out a way to have Unbound forward over Tor.)


Cheers

AGL

-- 
Adam Langley agl at imperialviolet.org http://www.imperialviolet.org
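
An added illustration, not part of the original message: the AD bit is a single flag in the DNS header with no signature attached, so a client that trusts it (as the message says OpenSSH does) is relying entirely on the resolver that set it and on the path to that resolver. The headers below are constructed sample data, and the function names and the policy parameters are hypothetical.

```python
import struct

# Flag positions in the 16-bit DNS header flags word.
QR_FLAG = 0x8000   # message is a response
RD_FLAG = 0x0100   # recursion desired
RA_FLAG = 0x0080   # recursion available
AD_FLAG = 0x0020   # "Authentic Data": resolver claims it validated DNSSEC
RCODE_MASK = 0x000F

def build_response_header(txid, ad):
    """Constructed 12-byte DNS response header (no question/answer sections)."""
    flags = QR_FLAG | RD_FLAG | RA_FLAG | (AD_FLAG if ad else 0)
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)

def parse_header(msg):
    """Decode the fixed DNS header fields relevant to the AD decision."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", msg[:4])
    return {
        "id": txid,
        "qr": bool(flags & QR_FLAG),
        "ad": bool(flags & AD_FLAG),
        "rcode": flags & RCODE_MASK,
    }

def ad_claimed(msg):
    """What an AD-trusting stub sees: a successful response with AD set."""
    h = parse_header(msg)
    return h["qr"] and h["rcode"] == 0 and h["ad"]

def differing_bits(a, b):
    """Count bits that differ between two equal-length messages."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def treat_as_secure(msg, resolver_validates, path_trusted):
    """Hypothetical policy: honour AD only if the resolver really validates
    DNSSEC and the channel to it cannot be altered by a third party."""
    return ad_claimed(msg) and resolver_validates and path_trusted

# Constructed samples: same transaction id, with and without AD.
validated = build_response_header(0x1234, ad=True)
unvalidated = build_response_header(0x1234, ad=False)
```

The two sample headers differ in exactly one bit, which is why the flag is only meaningful when it comes from a validating resolver that the client controls or reaches over a trusted channel.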

