SSH pubkeys in DNS

Hi there,

when pushing/pulling GitLab hosted repositories over ssh, one has to accept the host pubkey the GitLab servers provide. I guess only few people make the effort to check them manually, most just accept whatever comes; may it be the legit ones or the ones from a man-in-the-middle.

There is the possibility to store them in the DNS. If you’re using DNSSEC, it’s both secure and convenient.

Hence, please consider this ticket I created.