Improve SSHFP record support

Postby candrews » Mon Mar 30, 2015 8:40 am

The SSHFP record interface only supports fingerprint type 1 (SHA-1) - it would be pretty great to also support FP 2 (which is SHA-256).

It also only supports algorithms 1 (RSA) and 2 (DSA). It would likewise be nice to support algorithms 3 (ECDSA) and 4 (Ed25519).

These supplements to SSHFP are described at https://tools.ietf.org/html/rfc6594 and http://www.iana.org/go/rfc7479

Thanks!
candrews
 
Posts: 29
Joined: Thu Jul 24, 2008 11:50 am

Re: Improve SSHFP record support

Postby Seth » Mon Mar 30, 2015 8:49 am

The PowerDNS docs only reference RFC 4255, so I can't say right now without checking the source code if it'll allow more than that or not.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
 
Posts: 281
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada

Re: Improve SSHFP record support

Postby candrews » Thu Apr 28, 2016 6:41 am

I just took a look through the PowerDNS source code at https://github.com/PowerDNS/pdns/search?q=sshfp. PowerDNS doesn't do any checking on the algorithm or fptype fields of the SSHFP records - it simply requires them to be integers.

I also contacted PowerDNS and asked them to add RFC 6594 and RFC 7479 to their compliance page at https://www.powerdns.com/compliance.html

Thanks!
candrews
 
Posts: 29
Joined: Thu Jul 24, 2008 11:50 am
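
Added example (not part of the original posts, and not PowerDNS or Roller Network code): because the server accepts any integer in the algorithm and fptype fields, the values can be generated from the host public key and checked before they are entered. The function names, the owner name `host.example.` and the all-zero Ed25519 key are assumptions constructed for this illustration; the numbers follow RFC 4255, RFC 6594 and RFC 7479.

```python
import base64, hashlib, struct

# SSHFP registries: algorithms 1-2 and fptype 1 from RFC 4255,
# algorithm 3 and fptype 2 from RFC 6594, algorithm 4 from RFC 7479.
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def algorithm_number(key_type):
    """Map an SSH public key type name to its SSHFP algorithm number."""
    if key_type.startswith("ecdsa-sha2-"):
        return 3
    return ALGORITHMS[key_type]  # KeyError for key types SSHFP does not cover


def sshfp_records(owner, pubkey_line):
    """Build SSHFP records (both fingerprint types) from one public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; they must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    alg = algorithm_number(key_type)
    # The fingerprint is the digest of the whole decoded key blob.
    return [f"{owner} IN SSHFP {alg} {fpt} {h(blob).hexdigest()}"
            for fpt, h in FP_TYPES.items()]


def validate_sshfp(rdata):
    """Check what the DNS server does not: known numbers, matching digest length."""
    try:
        alg, fpt, fp = rdata.split()
        alg, fpt, digest = int(alg), int(fpt), bytes.fromhex(fp)
    except ValueError:
        return False
    return (alg in (1, 2, 3, 4) and fpt in FP_TYPES
            and len(digest) == FP_TYPES[fpt]().digest_size)


def sample_pubkey():
    # Constructed sample: an all-zero Ed25519 key, not a real host key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " host.example"


if __name__ == "__main__":
    for rr in sshfp_records("host.example.", sample_pubkey()):
        print(rr, validate_sshfp(rr.split("SSHFP ")[1]))
```

A record whose fptype says SHA-256 but whose fingerprint is 20 bytes long passes an integers-only check and fails `validate_sshfp`.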

Re: Improve SSHFP record support

Postby candrews » Thu Jun 09, 2016 8:13 am

*bump*

This seems like it should be a really easy change to make... just add a couple new options to the drop down :)
candrews
 
Posts: 29
Joined: Thu Jul 24, 2008 11:50 am

Re: Improve SSHFP record support

Postby candrews » Thu Sep 22, 2016 8:39 am

This really does seem super simple. Can you please make this improvement?
candrews
 
Posts: 29
Joined: Thu Jul 24, 2008 11:50 am

Re: Improve SSHFP record support

Postby Seth » Tue May 30, 2017 1:18 pm

I'm looking at our code for SSHFP type and it appears this is already done as far as the ACC is concerned (last change date is Dec. 4, 2016). Is it not working?
Seth Mattinen, Roller Network LLC
Seth
Site Admin
 
Posts: 281
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada

Re: Improve SSHFP record support

Postby candrews » Tue May 30, 2017 1:50 pm

I never noticed the change was done...I stopped checking :D

Thanks!
~Craig
candrews
 
Posts: 29
Joined: Thu Jul 24, 2008 11:50 am

