[Cryptography] Against against DNS (Re: New SSL/TLS certs to each live no longer than 47 days by 2029)
Seth David Schoen
schoen at loyalty.org
Wed Apr 23 17:45:53 EDT 2025
Nico Williams writes:
> CT is one of only two reasons (IMO) to think WebPKI superior to DNSSEC.
> The other is PQ: DNSSEC is more constrained as to PQ PK scheme choices
> than WebPKI because larger keys and signatures will not be practical in
> DNS.
The other related thing is that the web PKI is overseen by a small group
of mostly browser people, who are extremely pro-privacy and not engaged
in politically balancing various stakeholder interests like ICANN does (or
directly deriving profit from the system like some domain registries do).
This is a relatively recent development in the history of the two systems,
and also a relatively contingent one.
The comparative centralization of the web PKI also lets that small group
of pro-privacy people exercise a lot of influence over actual practices
and operations of the PKI. There's nobody who can exercise a similar
influence over the DNS system as a whole, whether at the registry level
or at the authoritative server level.
Like, if the CA/B Forum decided that a certain feature of certificates
was mandatory or forbidden, all new publicly-trusted certificates in the
whole world would follow that rule in relatively short order. There's
nobody who could do the same for a DNS RRtype or any other DNS protocol
feature, even with regard to requiring DNS zones to follow long-standing
existing rules, never mind introducing new ones!
Let's Encrypt has faced issues with DNS standards conformance where some
authoritative servers would not follow longstanding RFC standards (e.g.
case sensitivity in queries, or the error code to return for an unknown
RRtype). In those cases, Let's Encrypt exposed the problem because the
CA/B Forum rules, or its own engineers' detail-orientation, actually
insisted on enforcing those standards during certificate validation,
where no other DNS ecosystem participant had seemingly ever noticed the
problem before, much less demanded that it be fixed.
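The two conformance failures named in the message (case sensitivity in queries and the error code returned for an unknown RRtype) are easy to check mechanically. The following is an added example, not code from the post or from Let's Encrypt: it builds constructed DNS query and response packets with only the Python standard library and checks them against RFC 1035 / RFC 4343 (owner names compare case-insensitively, so a mixed-case "0x20" query must be answered like the lowercase one) and RFC 3597 (a type the server does not recognise must still get a normal answer, not NOTIMP, SERVFAIL, REFUSED or FORMERR). The choice of the CAA type code (257) as the "unusual" type a CA would query, the name example.com, and the two simulated servers are assumptions of this example.

```python
"""Offline checks for two DNS conformance rules (constructed example).
Not from the post or from Let's Encrypt; packets below are built locally."""
import struct

# RCODE values, RFC 1035 section 4.1.1
NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED = 0, 1, 2, 3, 4, 5
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED"}
TYPE_A, TYPE_CAA = 1, 257  # CAA as the "unusual" type is an assumption here


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels (no compression)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(data, offset):
    """Read an uncompressed name; returns (name, offset past the terminator).
    Only the question section is decoded here, which never uses pointers."""
    labels = []
    while data[offset] != 0:
        length = data[offset]
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", offset + 1


def build_query(qname, qtype, txid):
    """Standard query: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(query, rcode, a_rdata=None):
    """Constructed authoritative reply (QR=1, AA=1) that echoes the question
    and optionally adds one A record via a pointer (0xc00c) to that name."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    answer, ancount = b"", 0
    if a_rdata is not None:
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4)
                  + bytes(int(o) for o in a_rdata.split(".")))
        ancount = 1
    header = struct.pack("!HHHHHH", txid, 0x8400 | rcode, 1, ancount, 0, 0)
    return header + question + answer


def parse_response(data):
    """Header fields plus the echoed question; enough for the checks below."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    qname, off = decode_name(data, 12)
    qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
    return {"id": txid, "rcode": flags & 0xF, "qname": qname,
            "qtype": qtype, "ancount": an}


def check_case_insensitivity(lower_resp, mixed_query, mixed_resp):
    """RFC 4343: the mixed-case query must be answered like the lowercase one,
    and the echoed question name must match what was asked (ignoring case)."""
    findings = []
    lo, mi = parse_response(lower_resp), parse_response(mixed_resp)
    asked = decode_name(mixed_query, 12)[0]
    if mi["qname"].lower() != asked.lower():
        findings.append("echoed question name %r differs from query %r"
                        % (mi["qname"], asked))
    if (mi["rcode"], mi["ancount"]) != (lo["rcode"], lo["ancount"]):
        findings.append("case-sensitive name handling: lowercase got %s/%d "
                        "answers, mixed-case got %s/%d"
                        % (RCODE_NAMES[lo["rcode"]], lo["ancount"],
                           RCODE_NAMES[mi["rcode"]], mi["ancount"]))
    return findings


def check_unknown_rrtype(resp):
    """RFC 3597: an unrecognised type must not be rejected outright. NOERROR
    with an empty answer (NODATA) or NXDOMAIN are both normal answers."""
    r = parse_response(resp)
    if r["rcode"] in (FORMERR, SERVFAIL, NOTIMP, REFUSED):
        return ["type %d query rejected with %s instead of a normal answer"
                % (r["qtype"], RCODE_NAMES[r["rcode"]])]
    return []


def run_constructed_demo():
    """Two simulated servers for example.com: one conformant, one broken in
    both ways. Returns the findings per server (constructed data)."""
    lower_q = build_query("example.com", TYPE_A, 0x1001)
    mixed_q = build_query("eXaMpLe.CoM", TYPE_A, 0x1002)
    caa_q = build_query("example.com", TYPE_CAA, 0x1003)
    servers = {
        "conformant": (build_response(lower_q, NOERROR, "192.0.2.1"),
                       build_response(mixed_q, NOERROR, "192.0.2.1"),
                       build_response(caa_q, NOERROR)),        # NODATA
        "broken": (build_response(lower_q, NOERROR, "192.0.2.1"),
                   build_response(mixed_q, NXDOMAIN),           # case-sensitive
                   build_response(caa_q, NOTIMP)),              # rejects CAA
    }
    return {name: {"case": check_case_insensitivity(lo, mixed_q, mi),
                   "unknown_type": check_unknown_rrtype(caa)}
            for name, (lo, mi, caa) in servers.items()}
```

Against a live server the same two checks would be fed real packets from a UDP socket instead of `build_response`; the checker only needs the header and the echoed question, so it is unaffected by compression pointers in the answer sections it does not decode. A NOERROR answer with an empty answer section (NODATA) is the correct reply for a name that exists but has no record of the queried type, which is why the conformant simulated server returns exactly that for CAA.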