[Cryptography] New free TLS CA coming

[Viktor Dukhovni]

On Thu, Nov 20, 2014 at 09:42:21AM +0000, Dave Howe wrote:

> It is reasonable to infer that most damage that can be done by abuse of
> an issued certificate can be done by someone able to publish content at
> an arbitrary location on the website, regardless of if they own that
> domain or not.  [...]
> 
> For https, that's probably good enough (although that doesn't of course
> cover cases where a cert for the site could *also* be used for other
> purposes perhaps the domain owner wouldn't approve of, but as those will
> usually be something other than a web browser doing the trust
> evaluation, you can possibly fix that by not including the root in those
> other somethings)

Exactly, Web PKI certificates are unfortunately not specific as to
the service endpoint, they certify the host only.  So an HTTPS cert,
could be misused for other purposes, and it is not yet clear whether
the LE CA will issue wildcard certs covering all hosts in the domain.

> > Should any HTTP site hosting provider be able to independently acquire
> > new certificates for the domain?
>
> Other solutions have similar considerations. If you look at something
> like DANE, then you are inferring control over dns records equates to
> ownership of the domain (slightly more reasonable, but only slightly.
> [...]

Well control of the domain is essentially control over the DNS,
try as one might to distinguish between the registrant and the DNS
provider, the real operational control is by the DNS provider,
though ideally via lights-out automated processes that authenticate
the registrant as the authorized user to make changes.

So for DV validation, you can't do much better than effective
control of the DNS.  If the domain is DNSSEC signed, I would (and
I guess did in this thread) argue that this should be the only
means to prove control.  For the (majority) unsigned domains, other
"proofs" will need to be supported.

-- 
	Viktor.