From c41a8a11a2face905dc24078cfef6a35ba1161ee Mon Sep 17 00:00:00 2001 From: Florian Obser Date: Sun, 15 Jan 2023 08:37:08 +0100 Subject: [PATCH] Make the defined term stick out by making it bold. --- VerifyHostKeyDNS.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VerifyHostKeyDNS.org b/VerifyHostKeyDNS.org index 22092ab..35c6b44 100644 --- a/VerifyHostKeyDNS.org +++ b/VerifyHostKeyDNS.org @@ -41,7 +41,7 @@ can secure those with DNSSEC. [[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh​_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify host-keys: -+ VerifyHostKeyDNS :: Specifies whether to verify the remote key using ++ *VerifyHostKeyDNS* :: Specifies whether to verify the remote key using DNS and SSHFP resource records. If this option is set to yes, the client will implicitly trust keys that match a secure fingerprint from DNS. Insecure fingerprints will be handled as if this option @@ -70,7 +70,7 @@ have a trustworthy validating name-server is to run one on localhost. [[http://man.openbsd.org/resolv.conf#trust-ad][resolv.conf(5)]] explains the *trust-ad* option: -+ trust-ad :: A name server indicating that it performed DNSSEC ++ *trust-ad* :: A name server indicating that it performed DNSSEC validation by setting the Authentic Data (AD) flag in the answer can only be trusted if the name server itself is trusted and the network path is trusted. Generally this is not the case and the AD flag is