[Cryptography] Certificates and PKI

Viktor Dukhovni cryptography at dukhovni.org
Sun Dec 21 14:19:44 EST 2014

On Sun, Dec 21, 2014 at 06:25:58PM +0100, Guido Witmond wrote:

> By promoting DANE support in the browsers. Install every DANE-validator
> plugin and enable the browser to spy on your plugin-list.

Yes, but we're not quite there yet.  There's some work left to do
in this space:

    * Who's writing non-toy DANE validator plugins for browsers?
      Has the code in question been independently reviewed?

    * With HTTP plus DANE, should the PKIX-TA(0)/PKIX-EE(1)
      certificate usages be supported by browsers, or should
      DANE-TA(2)/DANE-EE(3) be supported instead?  Supporting both
      essentially reduces the former to a less reliable version
      of the latter, so a design choice needs to be made.

    * More progress needs to be made on the DNSSEC last-mile
      problem, and a number of large DNSSEC hosting registrars need
      to fix broken nameserver implementations.

    * Some middleboxen appear to drop TLSA queries over IPv4, but
      allow same over IPv6.

    * With other middleboxen an "NXDOMAIN" result is returned just
      fine for "_25._tcp.mail.example.com IN A ?" and would have
      worked for "_25._tcp.mail.example.com IN TLSA ?", were the
      "TLSA" query not dropped.

    * Over UDP, DNSSEC creates a greater DDoS exposure, that in
      part is holding back adoption.  Over TCP the latency cost of
      doing 3-way handshakes for every lookup is too high.  We
      don't have MinimalT or similar deployed for DNS, but this
      could potentially address the latency, confidentiality and
      DDoS problems for DNSSEC.  Of course rolling out a new
      transport will take decades.

Solving the problem in theory is much easier than solving it in


More information about the cryptography mailing list