[00:51] host keys in DNSSEC? (or DNSCrypt :p)
[00:51] I know that is (was?) a thing. never done it myself
[00:54] indeed, I haven't looked for that yet, but yeah, I thought something along the lines of listing the fingerprints in the web interface
[03:27] SSHFP is what you're thinking of, and yeah it's only "trustworthy" if the domain is signed, and even then only if the resolver checks DNSSEC...
[03:28] (In other words, all depending on your level of paranoia)
[03:29] One might publish a fingerprint on the website, but then there's the whole entire trust chain, starting with DNSSEC and DNS in general, to SSL cert chain trust, to the website/host security itself and whether someone injected malicious content into an otherwise-official page.
[03:31] well, sure, but it would certainly be strictly not worse than not having it :-)
[03:32] and while the trust model of the x509 PKI certainly is questionable, it does do a pretty good job against local attackers
[04:12] Regardless, sshfp verification is off by default (last I checked) so Most Users(tm) aren't going to benefit from it, not unless they already know about it or their system administrator does anyways. I don't say this as a reason not to bother using it, just to point out that Everything Is Awful(tm)
[04:19] i notice most people just delete a key when they see that prompt for changed fingerprint
[04:29] s/most/some/
[04:29] i notice some people just delete a key when they see that prompt for changed fingerprint
[05:16] *** dj_goku has quit IRC (Ping timeout: 260 seconds)
[05:16] *** dj_goku has joined #arpnetworks
[05:16] *** dj_goku has quit IRC (Changing host)
[05:16] *** dj_goku has joined #arpnetworks
[05:19] *** toeshred has quit IRC (Ping timeout: 244 seconds)
[05:31] *** toeshred has joined #arpnetworks
[06:06] *** fIorz_ is now known as fIorz
[09:36] *** ben2 has joined #arpnetworks
[09:36] *** ChanServ sets mode: +o ben2
[09:37] *** mercutio has quit IRC (Ping timeout: 244 seconds)
[11:34] *** neish_ is now known as neish
[13:12] *** awyeah has quit IRC (Quit: ZNC - http://znc.in)
[13:15] *** awyeah has joined #arpnetworks
[15:05] *** ben2 is now known as mercutio
[16:24] *** Lucifer333 has quit IRC (Quit: Leaving)
[20:35] *** atmark has joined #arpnetworks