Re: X.509 and ssh
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 12 Feb 2006 15:26:36 -0500
"DT" == Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> writes:
DT> On 2006-02-12, Richard E. Silverman <res@xxxxxxxx> wrote:
>>>>>>> "DT" == Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> writes:
DT> There's another option not mentioned, and it is a (proposed)
DT> standard: SSH fingerprints via DNS, RFC4255. It needs a secure
DT> DNS to be useful, and only helps with known hosts, though.
>> Good point; thanks. I'm not sure what you mean by "only helps
>> with known hosts," though; could you clarify?
DT> You can't use it to centralise, eg, authorized_keys.
DT> To achieve the same effect as, eg, kerberos single sign on you
DT> would still need to distribute authorized_keys files to the
DT> relevant servers.
Oh, you mean it doesn't help with user authentication. Yes; I was only
talking about server auth.
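The server-authentication check discussed in this thread, as an added example that is not part of the original messages: it derives RFC 4255 SSHFP record data from a host public key and accepts an offered key only when a matching record came from a DNSSEC-validated answer. The function names, the `dnssec_validated` flag (assumed to be supplied by a validating resolver) and the sample key are constructed for illustration; fingerprint type 2 and algorithm numbers 3 and 4 come from the later RFCs 6594 and 7479.

```python
import base64
import hashlib
import struct

# SSHFP key algorithm numbers: 1-2 from RFC 4255, 3 from RFC 6594, 4 from RFC 7479
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
            "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
# Fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594)
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_rdata(pubkey_line, fp_type=2):
    """Return SSHFP RDATA ("alg type hexdigest") for an OpenSSH public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)  # wire-format public key blob
    return f"{KEY_ALGS[key_type]} {fp_type} {FP_HASHES[fp_type](blob).hexdigest()}"


def host_key_matches(pubkey_line, sshfp_records, dnssec_validated):
    """Accept the offered host key only if a validated SSHFP record matches it."""
    if not dnssec_validated:
        return False  # an unsigned answer proves nothing about the server
    for record in sshfp_records:
        alg, fp_type, *hex_parts = record.split()
        if int(fp_type) not in FP_HASHES:
            continue  # unknown fingerprint type, cannot compare
        expected = sshfp_rdata(pubkey_line, int(fp_type)).split()
        if [alg, fp_type, "".join(hex_parts).lower()] == expected:
            return True
    return False


def make_sample_key(seed):
    """Constructed ed25519 public key line (not a real host key)."""
    name, raw = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " host.example"


if __name__ == "__main__":
    server_key = make_sample_key(1)
    zone = [sshfp_rdata(server_key, 1), sshfp_rdata(server_key, 2)]
    print(zone)
    print(host_key_matches(server_key, zone, dnssec_validated=True))
    print(host_key_matches(make_sample_key(2), zone, dnssec_validated=True))
    print(host_key_matches(server_key, zone, dnssec_validated=False))
```

Nothing here touches authorized_keys: the record vouches for the server's key only, which is the limitation raised in the thread.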