[Cryptography] Certificates and PKI

[Ben Laurie]

On 22 December 2014 at 15:38, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> On Mon, Dec 22, 2014 at 01:33:53PM +0000, Ben Laurie wrote:
>
>> On 21 December 2014 at 19:19, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
>> >     * More progress needs to be made on the DNSSEC last-mile
>> >       problem,
>>
>> Indeed, this does appear to be the biggest blocker for DANE.
>>
>> But also: DANE puts registries and registrars in the roles of CA and
>> RA. If we think CAs are not a good solution, how is it the
>> registries/registrars magically are?
>
> Recall that DANE is a better DV, it is not trying to be "EV".
> CA-based DV verifies domain control to a much weaker extent (if at
> all) than the syllogistic domain control established via the
> relationship between registrant and registrar.

I fully agree that DANE is a (slightly) better DV. But DV is
unacceptably weak and DANE is not the complete solution it is held out
to be by many.

> There is one registrar at a time for any given domain.  This part
> of DANE is *not* the problem, a registrar or DNS hosting provider
> can also convince any of the panoply of CAs to issue a DV cert.
>
> The last mile problem is not a problem for MTA to MTA SMTP, or
> server to server XMPP, and thus unsurprisingly deployment is starting
> with these.  It will take some time and effort to make inroads in
> the mobile device space.  DNSSEC stapling (if/when revived) could
> be a big help there.

Yes, it is nice to see the steps being taken where DNSSEC clearly does
improve matters.