At 11:58 AM -0400 6/25/02, Keith Moore wrote:

> > We seem to agree that the DNS could be used to distribute certs, so
> > the question is what should the certs attest to and who should issue
> > them. I argue that we need certs that support validation of DNS
> > bindings, and that the only authoritative sources for that info are
> > the folks who manage the DNS.
>
> and there is no assurance that they're trustworthy.

since trustworthiness is a relative term, that can always be said about any CA. that's why I don't like dealing with CAs based on trust. authoritativeness is a quality that is less contentious in many contexts, including this one.

> > Anyone else is a TTP, with all the
> > problems that implies.
>
> the problems associated with TTPs may actually be less than the problems
> associated with implicitly trusting the TLDs. you *choose* whether to
> trust a TP. limited trust of the TLDs is essentially forced on you,
> but it's a mistake to extend that trust beyond the minimum necessary.

and a DNS-based PKI would not require anyone to trust it. people could choose to make use of it, or could continue to make use of the insecure system we have today. nobody said that making use of the certs would be mandatory; it would be an option we currently do not have.

you fear that people would decide to rely on this new aspect of the infrastructure and you think that, because of the specific organizations operating some TLDs, that this would be a bad choice. but, since we agree that people implicitly rely on it anyway, I don't see the change as a bad one.

> it's one thing to get an address RR of a server from a TLD. you still
> have the opportunity to authenticate that server via other means that
> you trust. the worst the TLD can do in this case is a DoS attack.
>
> OTOH if the TLD has the capability of issuing a bogus cert for the
> server you want to contact, and you are foolish enough to trust it,
> you're screwed. and the TLDs will mislead the public into trusting
> them, because they'll be the "obvious" choice, and because there's
> nobody to keep them honest.

if you really do have viable means of independently verifying the accuracy of the binding, then you can always choose to employ them. I think that such means are rare in practice. but, in any case, these means could still be available.

> this is why a DNS-based PKI is a Bad Idea.
>
> OTOH being able to access TP certs via DNS could be quite useful.
>
> the most trust that should be invested in the TLDs (or any zone)
> should be the ability to authenticate the RRs in their zone,
> and specifically NOT to authenticate servers. and we don't need
> a DNS PKI to authenticate RRs, we have other mechanisms for that.

let's just say we disagree.

Steve