[Cryptography] New free TLS CA coming

Viktor Dukhovni cryptography at dukhovni.org
Wed Nov 19 14:43:41 EST 2014

On Wed, Nov 19, 2014 at 01:55:22PM -0500, Salz, Rich wrote:

> > A non ad-hoc demonstration of both domain and site control is I think a
> > DNSSEC validated DANE TLSA RR attesting to the validity of the public key:
> > 
> >     _443._tcp.www.example.com. IN TLSA 3 1 1 <sha256 pkey digest>
> I totally agree.
> But if you have the ability to do this or the ability to make it
> happen, then you are probably (well) beyond the target market of

Not beyond it, but definitely on the bleeding edge for now.  This
would work great for some, I for one would use the service.  One
might reasonably argue that if the domain is signed, this should
be the only way to provide the proof.  FWIW, out of ~88,000 Alexa
top domains tested (so far), 745 or just under 1% are DNSSEC signed,
so indeed this mechanism is not applicable to most sites yet.  [
Making it available and marketing it a bit might spur deployment.

Boostraping such domains to LE can be made stronger by requiring
not only the TLSA RR, but also when starting with no prior cert
from LE, that the server have an interim self-signed cert with a
public key matching the TLSA records.

As I said, this can't be the only mechanism, and it will initially
be far from widely used, but whatever mechanisms are used deserve
close scrutiny.  They need to be usable, and yet somehow not give
away the store on the security front.


More information about the cryptography mailing list