[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DNS security and spoofing (Re: [cobalt-security] Anyone else get this error?)
- Subject: Re: DNS security and spoofing (Re: [cobalt-security] Anyone else get this error?)
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 30 Dec 2002 21:39:46 +0300
- Organization:
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Mon, 2002-12-30 at 20:03, E.B. Dreger wrote:
> EC> can be omitted alltogether. Instead, you can (and probably
> EC> should) download the key by hand and check the fingerprint
> EC> offline (e.g. call friends).
>
> Likewise, one could have a centrally-distributed copy of the
> hints file.
The difference is that the public key does not change [as often as the
hints file may]. You may need to download and verify the public key
only once in the lifetime of your server. And then check the hints file
several times a year.
Eugene