Em 09-04-2014 14:29, Theo de Raadt escreveu: > Alternatively, come to a realization that SSH is not controlled by the > IETF. Let's be honest. Although SSHFP records are a great thing, very few system administrators use it. I use it myself. But only in my internal network and in my own resolver (using bind views). My external authoritative server, and almost all of the hosted based ones, do not have the possibility of adding SSHFP records. I use amazon's route53 and since I use their failover and load balancing features, I must host my records there. They don't have SSHFP records. They don't even have DNSSEC for that matter. SSHFP without DNSSEC isn't that much useful. And even then DNSSEC introduces problems on it's own.
I'm in favor of having IETF to assign a RR number for ed25519. But don't sweat that much if they take an awfully long time to do it, since not that many people uses SSHFP. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
