[Cryptography] Certificates and PKI

Guido Witmond guido at witmond.nl
Mon Dec 22 10:47:57 EST 2014

On 12/22/14 14:33, Ben Laurie wrote:
> On 21 December 2014 at 19:19, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
>>     * More progress needs to be made on the DNSSEC last-mile
>>       problem,
> Indeed, this does appear to be the biggest blocker for DANE.
> But also: DANE puts registries and registrars in the roles of CA and
> RA. 

I'm not sure I understand this. How would DANE put registrars into the
role of a CA or RA?

Is your concern that a registrar is able to modify each of the A, AAAA
and TLSA-records of any entrusted domain? Either voluntarily or coerced?

It's up to the domain owner to monitor the registrar. Using
decentralised tools such as the IETF's Atlas network or tor to prevent
the registrar from detecting your monitoring and get a good overview of
worldwide perspectives.

If we think CAs are not a good solution, how is it the
> registries/registrars magically are?

The missing ingredient is a way for the end user to identify when a
site's TLSA-records gets compromised.

For that, each site needs to run their own CA, sign their server
certificate with it and publish their own CA-cert in DANE.

The user agent (browser) can pin the domain name and CA-cert together at
first contact. It's Trust-on-First-use, agreed. But for that we have CT
to provide a historic view, reducing the amount of trust at first.

If running your own CA is too difficult, outsource it to someone who
knows how to operate a HSM.

Not magical, hopefully practical.

With regards, Guido Witmond.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141222/9bc67913/attachment.sig>

More information about the cryptography mailing list