c8b47a469d
under NetBSD.org domain. Multiple TNF hosts have an up-to-date SSHFP record inside the DNS. This offers a second channel verification for host key fingerprints (weaker than known_hosts, but spoofing a host on first connect would also require DNS forgery). This can provide a trusted second channel (like DANE TLSA records) once DNSSEC gets more widely used, but for now it is purely informational. No regression expected, except that the ssh client will print a message upon first connect to confirm/infirm that it got a correct SSHFP record from DNS. Only done for NetBSD.org domain, SSHFP are sadly more an exception than the rule. Notified on netbsd-users@, no objection after a week -- committed. |
||
|---|---|---|
| .. | ||
| dist/ipsec-tools | ||
| external | ||
| Makefile.openssl | ||
| TODO | ||