[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Jon Callas
jon at callas.org
Wed Apr 23 15:28:41 EDT 2025
> On Apr 23, 2025, at 07:10, Kent Borg <kentborg at borg.org> wrote:
>
> On 4/22/25 8:32 PM, Paul Wouters wrote:
>> All the CAbal exists only because of browsers refusing to do DNSSEC,
>> even now they have a clean and secure path via DoH anyways....
>
> What are the downsides to DNSSEC? Both honest and real, and imagined or excuses.
If you haven't read Tom Ptacek's "Against DNS" <https://sockpuppet.org/blog/2015/01/15/against-dnssec/>, you should. While not every one of his comments are things everyone agrees with, the points are all well-argued.
The objection that is most apropos is outlined again here, <https://infosec.exchange/@tqbf/109938525731567458>, that it is just another PKI and one where the CAs are the top-level-domain owners -- governments. Thus, for example, if you have a domain in `.ly`, your CA is the government of Libya. For `.io`, it's whoever is in charge of that -- be it the British government, Mauritius, or private sector actors operating with the cooperation of one, the other, or both.
It's thus completely possible for that owning government to have an alternate DNSSEC and flip between them at will. John Gilmore reminded us of the QUANTUM <thing> projects done in the past, and DNSSEC makes the concept possible with a new implementation.
The present WebPKI system requires an attacker to both gain control of the certificate system and compromise the network access. Sometimes this is easy -- we've discussed a rogue hotspot. Sometimes it's not easy. One can argue that an evil DNSSEC root is only a single thing that's harder to do, which means to me that it is at best shuffling the cards, and not changing the game.
We can (and I am sure will) debate this here at length, but that's the essence of the argument, that you're changing out one PKI for another.
Other criticisms of DNSSEC are not directly relevant, but are more than obliquely relevant. For example, there are reliability criticisms that could be fixed, but it's not clear that the fixes to network infrastructure would improve the trust system.
Jon
More information about the cryptography
mailing list