On 11/29/2011 06:35 AM, Adam Langley wrote:
> On Tue, Nov 29, 2011 at 6:06 AM, <t...@lists.grepular.com> wrote:
>> If the SSHFP RR type is added too, people who use OpenSSH with the
>> VerifyHostKeyDNS option can benefit from public key verification when
>> SSH'ing into a box for the first time, over Tor.
>
> (It's important to note that OpenSSH trusts the AD bit in the DNS
> reply. So, using it with Tor's DNS resolver assumes that Tor acts as a
> full, validating, DNSSEC resolver. It would likely be more expeditious
> to figure out a way to have Unbound forward over Tor.)
>

That's something that I've started to work on with letoams and there's a
bit of progress here:

https://gitweb.torproject.org/ioerror/ttdnsd.git/blob/665a534df8394d221f07a9155eee6211ddc33f1c:/misc/README.unbound
https://gitweb.torproject.org/ioerror/ttdnsd.git/commit/14c806d5ec0d6a171532c84c5e0fdbe7974e3f20

All the best,
Jake
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
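
Added example (not part of the original thread, and not OpenSSH or Tor code): a simplified model of why the AD bit matters for VerifyHostKeyDNS. It computes the SSHFP data for a host key and shows that the same matching record yields "trusted" or "ask" depending only on one flag in the resolver's reply. The function names, the dummy key and the DNS headers are constructed for illustration; the decision logic is an assumption based on the ssh_config(5) description of the option.

```python
import base64, hashlib, struct

AD_FLAG = 0x0020  # "Authenticated Data" bit in the DNS header flags word
# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}

def sshfp_rdata(pubkey_line, fp_type=2):
    """(algorithm, fp_type, hex digest) for an OpenSSH public key line.
    fp_type 1 = SHA-1, 2 = SHA-256, hashed over the decoded key blob."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    digest = hashlib.sha1(blob) if fp_type == 1 else hashlib.sha256(blob)
    return SSHFP_ALGO[keytype], fp_type, digest.hexdigest()

def ad_bit_set(dns_response):
    """True if the AD flag is set in the 12-byte DNS message header."""
    if len(dns_response) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", dns_response[:4])
    return bool(flags & AD_FLAG)

def host_key_decision(pubkey_line, sshfp_records, dns_response):
    """Simplified model (an assumption, not OpenSSH source) of VerifyHostKeyDNS=yes:
    match + AD -> "trusted"; match without AD -> "ask"; otherwise "no-match"."""
    matched = any((a, t, fp.lower()) == sshfp_rdata(pubkey_line, t)
                  for a, t, fp in sshfp_records if t in (1, 2))
    if not matched:
        return "no-match"
    # The client cannot check signatures here: it relies on the resolver's claim.
    return "trusted" if ad_bit_set(dns_response) else "ask"

# Constructed sample data: a dummy Ed25519 key blob and two DNS headers.
blob = struct.pack("!I", 11) + b"ssh-ed25519" + struct.pack("!I", 32) + bytes(range(32))
KEY = "ssh-ed25519 " + base64.b64encode(blob).decode() + " host.example"

def dns_header(flags):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)

if __name__ == "__main__":
    records = [sshfp_rdata(KEY)]
    print(host_key_decision(KEY, records, dns_header(0x81A0)))  # QR|RD|RA|AD
    print(host_key_decision(KEY, records, dns_header(0x8180)))  # QR|RD|RA
```

A resolver that sets AD without validating, or a path between the client and the resolver that is not protected, turns the "trusted" branch into an unverified assertion.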