[Cryptography] Against against DNS (Re: New SSL/TLS certs to each live no longer than 47 days by 2029)
Viktor Dukhovni
cryptography at dukhovni.org
Fri Apr 25 23:38:49 EDT 2025
On Fri, Apr 25, 2025 at 08:27:24PM +0100, Stephen Farrell wrote:
> Chromium had DANE code for a while, but they took it out, and I
> think browser makers more complained of reliability issues with
> getting DNSSEC-signed answers (in a few percent of cases, due to
> dodgy middleboxen) rather than added-latency.
The obstacle to DNSSEC in browsers is fundamentally a last-mile problem
with CPE devices (routers, cable boxes, ISP resolvers, ...) often enough
making it impossible to get signed answers. The landscape has changed
with DoH, ... creating a pathway to bypass all the impedance, but it is
not yet pervasive to the point of making DNSSEC+DANE available to edge
consumer devices.
This is why DANE is happening in server-to-server (MTA-to-MTA) SMTP
first. Out of ~23.3 DNSSEC signed zones delegated from a public suffix,
~4.2 million (~18%) are secured with DANE TLSA records across all their
MX hosts.
> I like DANE, it'd be a fine thing. But it's not really credible as
> an alternative to the WebPKI so long as we're at ~4% of 2LD zones
> being signed.
That fraction is very unevenly distributed. It is 4% of .COM, 66% of .DK,
and 0.02% of .CN.
> Given that's 15 years after the root zone was signed, I'm not sure
> there's so much hope for DNSSEC, which is a pity.
Penetration depends a lot on the behaviour of service providers, and
things can/could change quickly if some large providers signed by
default. Godaddy, for example, could make a difference.
--
Viktor.
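As an added illustration, not code from this thread, the matching step that makes an MX host count as "secured with DANE TLSA records": a TLSA record fetched from the host's DNSSEC-signed zone is compared against the certificate the MTA presents at TLS handshake. The SPKI and certificate bytes are constructed placeholders; only the DANE-EE(3) usage is checked, since DANE-TA(2) needs the full chain.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data, not from any real MX host: an Ed25519
# SubjectPublicKeyInfo (DER prefix + 32-byte key) and a placeholder cert DER.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))
SAMPLE_CERT = b"\x30\x82\x01\x00constructed-certificate-der-placeholder"

@dataclass(frozen=True)
class TLSA:
    usage: int     # SMTP DANE (RFC 7672) uses 2 (DANE-TA) or 3 (DANE-EE)
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact data, 1 = SHA-256, 2 = SHA-512
    data: bytes    # certificate association data

def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation form, e.g. '3 1 1 <hex>' (hex may be split by spaces)."""
    usage, selector, mtype, *hexparts = rdata.split()
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts)))

def tlsa_for_spki(spki_der: bytes) -> str:
    """Presentation-form '3 1 1' record for a key, the usual choice for MX hosts."""
    return "3 1 1 " + hashlib.sha256(spki_der).hexdigest()

def association_data(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bytes:
    """What the record's data field must equal for this end-entity certificate."""
    if rec.selector == 0: selected = cert_der
    elif rec.selector == 1: selected = spki_der
    else: raise ValueError(f"unknown selector {rec.selector}")
    if rec.mtype == 0: return selected
    if rec.mtype == 1: return hashlib.sha256(selected).digest()
    if rec.mtype == 2: return hashlib.sha512(selected).digest()
    raise ValueError(f"unknown matching type {rec.mtype}")

def tlsa_matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """DANE-EE(3): the MX host's own certificate or key must match the record.
    DANE-TA(2) needs chain validation and is not handled here; PKIX usages 0/1
    have no trusted CA set in SMTP. Records with unknown parameters are unusable."""
    if rec.usage != 3:
        return False
    try:
        return association_data(rec, cert_der, spki_der) == rec.data
    except ValueError:
        return False

def mx_host_secured(rrset, cert_der: bytes, spki_der: bytes) -> bool:
    """A host is secured if any TLSA record in its DNSSEC-validated RRset matches."""
    return any(tlsa_matches(parse_tlsa(r), cert_der, spki_der) for r in rrset)

def domain_secured(mx_to_rrset: dict, mx_certs: dict) -> bool:
    """Counting as in the thread: every MX host of the domain must be secured."""
    return all(mx_host_secured(rrs, *mx_certs[mx]) for mx, rrs in mx_to_rrset.items())
```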