silly footnote ;)

This commit is contained in:
Florian Obser 2023-01-15 08:32:33 +01:00
parent 7540e3f554
commit 4ae9e2c797

View File

@ -64,7 +64,8 @@ needs to have the /Authentic Data (AD)/ flag set. The flag gets set
when a validating name-server is asked for the SSHFP record, it finds
it and it can validate the answer using DNSSEC.
But then the libc stub resolver[fn:: The thingy that ssh uses to talk
But then the libc stub resolver[fn:: The thingy[fn:: Thingy is a
technical term, don't worry about it.] that ssh uses to talk
to the validating name-server. On OpenBSD that is [[https://man.openbsd.org/man3/asr_run.3][asr]].] gets that
answer it will strip the AD flag for security reasons. You see, it
does not know that it can trust the validating name-server. One way to