Improve SSHFP record support

Post by candrews » Mon Mar 30, 2015 8:40 am

The SSHFP record interface only supports fingerprint type 1 (SHA-1) - it would be pretty great to also support FP 2 (which is SHA-256).

It also only supports algorithms 1 (RSA) and 2 (DSA). It would likewise be nice to support algorithms 3 (ECDSA) and 4 (Ed25519).

These supplements to SSHFP are described at https://tools.ietf.org/html/rfc6594 and http://www.iana.org/go/rfc7479

Thanks!
candrews
 
Posts: 26
Joined: Thu Jul 24, 2008 11:50 am

Re: Improve SSHFP record support

Post by Seth » Mon Mar 30, 2015 8:49 am

The PowerDNS docs only reference RFC 4255, so I can't say right now without checking the source code if it'll allow more than that or not.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
 
Posts: 265
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada

Re: Improve SSHFP record support

Post by candrews » Thu Apr 28, 2016 6:41 am

I just took a look through the PowerDNS source code at https://github.com/PowerDNS/pdns/search?q=sshfp. PowerDNS doesn't do any checking on the algorithm or fptype fields of the SSHFP records - it simply requires them to be integers.

I also contacted PowerDNS and asked them to add RFC 6594 and RFC 7479 to their compliance page at https://www.powerdns.com/compliance.html

Thanks!
candrews
 
Posts: 26
Joined: Thu Jul 24, 2008 11:50 am
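
An added example, not part of the thread and not PowerDNS or Roller Network code: it derives SSHFP RDATA for the algorithm numbers (1 to 4) and fingerprint types (1 and 2) named in the posts above, and checks the fields that a parser accepting any integer would let through. The function names are hypothetical and the sample key is constructed, not a real host key.

```python
import base64
import hashlib
import re
import struct

# Algorithm numbers: 1 and 2 (RFC 4255), 3 (RFC 6594), 4 (RFC 7479).
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# Fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def algorithm_number(key_type):
    """Map an OpenSSH key type name to its SSHFP algorithm number."""
    if key_type.startswith("ecdsa-sha2-"):  # every ECDSA curve is algorithm 3
        return 3
    return ALGORITHMS[key_type]  # KeyError for key types without a number


def sshfp_rdata(pubkey_line):
    """Return one 'algorithm fptype hex' string per fingerprint type."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with a length-prefixed copy of the key type name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    alg = algorithm_number(key_type)
    return [f"{alg} {fp} {h(blob).hexdigest()}" for fp, h in FP_TYPES.items()]


def validate_rdata(rdata):
    """Check what an integers-only parser does not: known values, digest length."""
    m = re.fullmatch(r"(\d+) (\d+) ([0-9A-Fa-f]+)", rdata, re.ASCII)
    if not m:
        return False
    alg, fp, digest = int(m[1]), int(m[2]), m[3]
    if alg not in (1, 2, 3, 4) or fp not in FP_TYPES:
        return False
    return len(digest) == FP_TYPES[fp]().digest_size * 2


def constructed_ed25519_line():
    """Constructed sample (not a real host key): 32 fixed bytes as the key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " host.example"


if __name__ == "__main__":
    for record in sshfp_rdata(constructed_ed25519_line()):
        print("host.example. IN SSHFP", record, validate_rdata(record))
```

A record whose digest length does not match its fingerprint type, for example a 40-character SHA-1 digest stored with fptype 2, passes an integers-only check but fails `validate_rdata`.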

Re: Improve SSHFP record support

Post by candrews » Thu Jun 09, 2016 8:13 am

*bump*

This seems like it should be a really easy change to make... just add a couple new options to the drop down :)
candrews
 
Posts: 26
Joined: Thu Jul 24, 2008 11:50 am

Re: Improve SSHFP record support

Post by candrews » Thu Sep 22, 2016 8:39 am

This really does seem super simple. Can you please make this improvement?
candrews
 
Posts: 26
Joined: Thu Jul 24, 2008 11:50 am
