[Cryptography] Certificates and PKI
Viktor Dukhovni
cryptography at dukhovni.org
Fri Dec 26 20:05:54 EST 2014
On Thu, Dec 25, 2014 at 01:54:06PM -0500, Paul Wouters wrote:
> >Do you mean the parent pretending the delegation does not exist,
> >and returning a signed answer rather than a referral?
>
> Yes.
How is this different from a root CA signing some leaf cert,
bypassing the intermediate that is normally used to sign leaf
certs? Or employing some never-before-seen intermediate?
It seems to me that any chain of validated delegations leading
ultimately to a TLSA RRset or similar key material is a candidate
for CT logging, evidenced by the full chain of signed DS and DNSKEY
RRsets that make the key material "secure".
> >However evidence of the parent serving the child zone, as if no
> >delegation existed, is more difficult to accommodate in a transparency
> >scheme.
>
> Exactly.
CT for parent domains serving entries in what should be a child
domain is doable I think. A more difficult problem is CT for denial
of existence. Here the number of potential NXDOMAIN responses is
effectively limitless. For TLSA records, one might insist that
any query for "_<port>._<proto>" be anchored to a name that does
exist, but this still leaves 128K deniable RRsets per host.
I've not been following the "trans" working group, is there a
plausible design for CT for DNSSEC, or do the problems look
intractable?
--
Viktor.
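To make the "parent serving entries in what should be a child domain" case concrete, here is an added toy check (not code from the thread or from any DNSSEC implementation) of the kind a log monitor could run: the transparency log is modelled as the set of zones whose DS RRsets have been logged, and an observed signed answer is reduced to its owner name and RRSIG signer name. All names, the `example.com` delegation and the TLSA owner-name helper are constructed sample data.

```python
"""Toy detector for a parent zone signing answers below a logged delegation.

Model: a CT-style log records the delegation points (zones with a logged
DS RRset). A signed answer is (owner name, RRSIG signer name). If a logged
delegation point lies strictly below the signer and at or above the owner,
the signer answered as if that delegation did not exist.
"""


def canon(name: str) -> str:
    """Canonical form: lower-case, no trailing dot ('' for the root)."""
    return name.rstrip(".").lower()


def labels(name: str) -> list[str]:
    """DNS labels of a name, root-most first."""
    c = canon(name)
    return list(reversed(c.split("."))) if c else []


def is_ancestor_or_equal(zone: str, name: str) -> bool:
    """True if `zone` is `name` itself or one of its ancestors."""
    z, n = labels(zone), labels(name)
    return n[: len(z)] == z


def tlsa_owner(host: str, port: int, proto: str) -> str:
    """Owner name of a TLSA RRset: _<port>._<proto>.<host> (constructed helper)."""
    return f"_{port}._{proto}.{canon(host)}"


def bypassed_delegations(owner: str, signer: str, logged_delegations: set[str]) -> list[str]:
    """Logged delegation points that the signer skipped over for this answer.

    Returns the zones strictly below `signer` and at or above `owner` that the
    log says are delegated, shallowest first. Empty list means the answer is
    consistent with the logged delegation chain.
    """
    if not is_ancestor_or_equal(signer, owner):
        raise ValueError(f"signer {signer!r} is not an ancestor of {owner!r}")
    hits = [
        canon(z)
        for z in logged_delegations
        if canon(z) != canon(signer)
        and is_ancestor_or_equal(signer, z)
        and is_ancestor_or_equal(z, owner)
    ]
    return sorted(hits, key=lambda z: len(labels(z)))
```

A monitor that also logs DNSKEY RRsets can extend the same walk to check that each signer's key is the one the log recorded for that zone.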