On 4/10/21 12:50 PM, Nico Williams wrote:
On Sat, Apr 10, 2021 at 02:08:30PM -0400, Viktor Dukhovni wrote:
Ben's claim that CAs are "more secure" than DNSSEC is demonstrably
in error in a world where all that CAs do is issue DV certs that
attest to "domain control".
If you don't trust the ICANN root, you can't trust DV certs, since
all they do is memoise some DNS-derived data you don't trust. Indeed
it takes DNSSEC (and CAs honouring DNSSEC-signed CAA records) to somewhat
improve the rather weak assurance that DV provides.
Perhaps CT adequately hardens this model for Google's domains, if
they're sufficiently vigilant to detect unauthorised certificate
issuance (after the fact), but for the rest of us, tracking the
CT logs is not actually practical.
Indeed, CT works only if people bother to do enough log checking to
increase the risk, real and perceived, to malefactors with access to CA
credentials. CT can fail to get there generally, leaving us with the
same old name-constraint-less, multi-root WebPKI.
CT is not the answer, and it's not even an answer. CT might help, and
it's better than nothing, but it's certainly not better than also
addressing the other issues, and it's not better than only addressing
the other issues either.
If QUIC were to depend on DANE, the result would be a shot in the arm to
DNSSEC deployment, which would instantly address the two biggest
problems with WebPKI.
Yeah, I was trying to verify whether Google, Amazon and Facebook sign,
but it appears not? My dig fu is admittedly bad, so I might be full of it
(hopefully).
Let me ask a pointed question: if we used DANE+DNSSEC, do we have
confidence in the security of the solution? I think we'd have to have a
lot of confidence in both that they are really ready for prime time.
Again, this is yet another reason why an experiment would be extremely
instructive, because they could limit the scope to steer out of
ecommerce, etc., until the results are in.
Mike
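Mike's question about checking whether a domain signs, as an added example that is not part of the thread: a small Python parser over `dig +dnssec` output that reports whether the answer carried RRSIG records and whether the resolver set the AD flag. The two dig transcripts, the domain names and the records in them are constructed, not real query results.

```python
# Constructed samples of `dig +dnssec <name> A` output (not real results).
# A signed zone returns RRSIG records alongside the RRset; a validating
# resolver additionally sets the "ad" (authenticated data) header flag.
SIGNED_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
signed.example.   300 IN A     192.0.2.10
signed.example.   300 IN RRSIG A 13 2 300 20210501000000 20210401000000 12345 signed.example. Zm9vYmFy...
"""

UNSIGNED_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23456
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
unsigned.example. 300 IN A     192.0.2.20
"""


def parse_dig(output):
    """Return (ad_flag_set, set of RR types covered by an RRSIG in the answer)."""
    ad = False
    covered = set()
    for line in output.splitlines():
        if line.startswith(";; flags:"):
            # ";; flags: qr rd ra ad; QUERY: ..." -> ["qr", "rd", "ra", "ad"]
            flags = line.split(":", 1)[1].split(";")[0].split()
            ad = "ad" in flags
        elif line and not line.startswith(";"):
            # Resource record: owner TTL class type rdata...
            fields = line.split()
            if len(fields) >= 5 and fields[3] == "RRSIG":
                covered.add(fields[4])  # type covered is the first rdata field
    return ad, covered


def dnssec_status(output, rrtype="A"):
    """Classify a dig transcript for one RR type.

    The AD flag only says the *resolver* validated; if the zone is signed but
    the resolver does not validate, RRSIGs appear without AD. To confirm a
    zone is signed independent of any resolver, also check for a DS record
    at the parent (not covered by these samples).
    """
    ad, covered = parse_dig(output)
    if rrtype in covered and ad:
        return "signed+validated"
    if rrtype in covered:
        return "signed, not validated by this resolver"
    return "unsigned (or DNSSEC records stripped)"
```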