[Cryptography] distrusted root CA: WoSign

[Viktor Dukhovni]

On Sat, Oct 01, 2016 at 11:02:19PM +0100, Ben Laurie wrote:

> Alternatives like DANE are just shuffling the deck chairs on the
> Titanic. What can you do that is radically better than CAs +
> transparency?

Well, DANE is strictly stronger than DV, because it is tied to
direct evidence of domain control, via the domain management account
of the domain owner at the registrar/registry that publishes the
DS records on the owner's behalf.

Whereas, DV is a point in time, MiTM-vulnerable, leap-of-faith by
any one of a multiplicity of CAs that perform cursory "verification"
of domain control.  So DANE would certainly be progress, but it is
not currently practical for mobile clients that find themselves
regularly on airport WiFi networks, hotel captive-portal networks,
and other DNSSEC-unfriendly environments.  DANE stapling is still
on the drawing board, in part waiting for the TLS WG to be less
attention starved by TLS 1.3 to the exclusion of much other work.

Which is not to say that transparency is a bad idea.  We each have
technologies we've invested a bunch of effort into, there's no need
to disparage either, they each have their place.  DANE is well
suited to SMTP + STARTTLS, CT is more applicable to the Web.

-- 
	Viktor.