[Cryptography] Certificates and PKI

[Paul Hoffman]

On Dec 23, 2014, at 9:47 AM, Ben Laurie <ben at links.org> wrote:
> Ah, I was failing to parse "fate-sharing between the name you
> registered and the contents that the registry advertises" - thanks for
> the explanation.
> 
> I do agree that this is an important difference. However, I don't see
> why we should trust registries/registrars any more than we trust CAs?

It depends on who you mean by "we".

We domain owners trust registries more than CAs *because we have to*. In a hierarchically-allocated structure like the DNS, owning a node always means trusting everyone up the tree from you to not remove your name and to enter bad data for your name (such as transferring ownership of your name to someone else). That is inherent in the tree structure.

We relying parties don't have to trust anyone more than anyone else, but given that we don't really understand trust at all and just in a muddle about it, we end up trusting the DNS hierarchy just as much as name owners are forced to trust it. In other words, we relying parties don't even know that we are trusting the registries unless we are in the 5%* of Internet users who understand name hierarchies, but we are trusting them nonetheless.

Lest this feels like it is not about crypto, it is. The crypto piece to all of this is not the keys or signatures on the data, but the discovery thereof. A CA creates assurances that are discovered and used in TLS; DNSSEC creates assurances that are discovered and used in DNS; DANE creates assurances that are discovered in DNS and used in TLS. If you don't discover the key or signature, you can't use it.

--Paul Hoffman

* A precise-sounding but completely-made-up number