[Cryptography] distrusted root CA: WoSign

John Levine johnl at iecc.com
Sun Oct 2 14:49:12 EDT 2016


In article <20161002034219.GY4670 at mournblade.imrryr.org> you write:
>On Sat, Oct 01, 2016 at 11:02:19PM +0100, Ben Laurie wrote:
>
>> Alternatives like DANE are just shuffling the deck chairs on the
>> Titanic. What can you do that is radically better than CAs +
>> transparency?
>
>Well, DANE is strictly stronger than DV, because it is tied to
>direct evidence of domain control, via the domain management account
>of the domain owner at the registrar/registry that publishes the
>DS records on the owner's behalf.

You're right, DANE shows that the cert is under control of the same
person that phished the registrant's password.  Or perhaps her
registrar reseller's password, or the password of her web host, who
also provides DNS service.  This is a quantitatively smaller attack
surface than Let's Encrypt but I don't see it as qualitatively
different.

More to the point, a DV or DANE certificate doesn't tell you anything
about the identity of the party, so the only assurance it gives you is
that there wasn't a MITM.  To the extent that CAs do the validation
for EV certs that they are supposed to, EV really is qualitatively
different.

I am not a big fan of CAs, but the problem we want them to solve is
extremely difficult.

R's,
John

