[Cryptography] Certificates and PKI

Ben Laurie ben at links.org
Tue Dec 23 12:55:57 EST 2014


On 23 December 2014 at 16:54, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> On Tue, Dec 23, 2014 at 10:56:47AM +0000, Ben Laurie wrote:
>
>> > Not "magically", but systematically. Every domain owner has chosen a
>> > registry, and possibly a registrar (some registries do not have registrars).
>> > There is an established business relationship with the registry that means
>> > that you trust them with serving your name correctly. There is fate-sharing
>> > between the name you registered and the contents that the registry
>> > advertises. Given that fate-sharing, they are in a position to attach any
>> > DNS-specific semantics to your name, such as the DS records.
>>
>> I'm not getting the distinction you're making here. This sounds pretty
>> much exactly like the relationship you have with a CA...
>
> But it very much is not, because you don't acquire and retain
> ownership of a domain through a CA, and every CA can issue
> certificates, not just the one you're paying to do so.
>
> Domain control *is* having your domain registered to you, through
> some registrar/registry.  Paying a CA for a certificate for a domain
> is NOT domain control.
>
> Ben, there are various obstacles to widespread use of DANE today,
> I mentioned most of them, but being less secure for DV than a CA
> is *not* one of them.  On the contrary, DV by a CA is strictly
> weaker, since control of registration or ability to make DNS changes
> gets you a DV cert.

Totally agreed! My point is just that DANE does not fix one of the
underlying problems, namely that we cannot trust the entities that
control the systems that validate our keys. CT is intended to help
mitigate that problem for PKIX, and if we can solve the deployment
problems for DANE we will need something like CT to mitigate it for
DNSSEC.

> The new Let's Encrypt initiative (an example soon to be CA) will
> I fear not take into account the DNSSEC status of domains.

Why do you think it will not? I suspect it should. Are you thinking
about DANE or CAA or both here?

> And
> thus issue DV certs based on MiTM vulnerable ability to respond to
> insecure email for admin at example.com or spin up an unauthenticated
> HTTP or HTTPS site.
>
> So, I think you're being a bit obstinate on this one, let's discuss
> something more substantive.

I have perhaps been unclear what my concerns are. I hope this clears it up.
