[Cryptography] Certificates and PKI

Viktor Dukhovni cryptography at dukhovni.org
Fri Dec 26 20:05:54 EST 2014

On Thu, Dec 25, 2014 at 01:54:06PM -0500, Paul Wouters wrote:

> >Do you mean the parent pretending the delegation does not exist,
> >and returning a signed answer rather than a referral?
> Yes.

How is this different from a root CA signing some leaf cert,
bypassing the intermediate that is normally used to sign leaf
certs?  Or employing some never-before-seen intermediate?

It seems to me that any chain of validated delegations leading
ultimately to a TLSA RRset or similar key material is a candidate
for CT logging, evidenced by the full chain of signed DS and DNSKEY
RRsets that make the key material "secure".

> >However evidence of the parent serving the child zone, as if no
> >delegation existed, is more difficult to accomodate in a transparency
> >scheme.
> Exactly.

CT for parent domains serving entries in what should be a child
domain is doable I think.  A more difficult problem is CT for denial
of existence.  Here the number of potential NXDOMAIN responses is
effectively limitless.  For TLSA records, one might insist that
any query for "_<port>._<proto>" be anchored to a name that does
exist, but this still leaves 128K deniable RRsets per host.

I've not been following the "trans" working group, is there a
plausible design for CT for DNSSEC, or do the problems look


More information about the cryptography mailing list