On Tue, Nov 29, 2011 at 6:06 AM, <[email protected]> wrote: > If the SSHFP RR type is added too, people who use OpenSSH with the > VerifyHostKeyDNS option can benefit from public key verification when > SSH'ing into a box for the first time, over Tor.
(It's important to note that OpenSSH trusts the AD bit in the DNS reply. So, using it with Tor's DNS resolver assumes that Tor acts as a full, validating, DNSSEC resolver. It would likely be more expeditious to figure out a way have Unbound forward over Tor.) Cheers AGL -- Adam Langley [email protected] http://www.imperialviolet.org _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
