#arpnetworks 2016-06-20,Mon

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
pyvpxhost keys in DNSSEC? (or DNSCrypt :p)
I know that is (was?) a thing. never done it myself
[00:51]
fIorz_indeed, I haven't looked for that yet, but yeah, I thought something along the lines of listing the fingerprints in the web interface [00:54]
............................... (idle for 2h33mn)
brycecSSHFP is what you're thinking of, and yeah it's only "trustworthy" if the domain is signed, and even then only if the resolver checks DNSSEC...
(In other words, all depending on your level of paranoia)
One might publish a fingerprint on the website, but then there's the whole entire trust chain, starting with DNSSEC and DNS in general, to SSL cert chain trust, to the website/host security itself and whether someone injected malicious content into an otherwise-official page.
[03:27]
fIorz_well, sure, but it would certainly be strictly not worse than not having it :-)
and while the trust model of the x509 PKI certainly is questionable, it does do a pretty good job against local attackers
[03:31]
......... (idle for 40mn)
brycecRegardless, sshfp verification is off by default (last I checked) so Most Users(tm) aren't going to benefit from it, not unless they already know about it or their system administrator does anyways. I don't say this as a reason not to bother using it, just to point out that Everything Is Awful(tm) [04:12]
mercutioi notice most people just delete a key when they see that prompt for changed fingerprint [04:19]
s/most/some/ [04:29]
BryceBot<mercutio> i notice some people just delete a key when they see that prompt for changed fingerprint [04:29]
.......... (idle for 47mn)
***dj_goku has quit IRC (Ping timeout: 260 seconds)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
toeshred has quit IRC (Ping timeout: 244 seconds)
[05:16]
toeshred has joined #arpnetworks [05:31]
........ (idle for 35mn)
fIorz_ is now known as fIorz [06:06]
........................................... (idle for 3h30mn)
ben2 has joined #arpnetworks
ChanServ sets mode: +o ben2
mercutio has quit IRC (Ping timeout: 244 seconds)
[09:36]
........................ (idle for 1h57mn)
neish_ is now known as neish [11:34]
.................... (idle for 1h38mn)
awyeah has quit IRC (Quit: ZNC - http://znc.in)
awyeah has joined #arpnetworks
[13:12]
....................... (idle for 1h50mn)
ben2 is now known as mercutio [15:05]
................ (idle for 1h19mn)
Lucifer333 has quit IRC (Quit: Leaving) [16:24]
................................................... (idle for 4h11mn)
atmark has joined #arpnetworks [20:35]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)