On Wed, Aug 06, 2014 at 10:54:36PM +0000, Viktor Dukhovni wrote: > On Wed, Aug 06, 2014 at 06:39:37PM -0400, John C Klensin wrote: > > [MITM attack by compromised DNS registrar text elided.] > > If folks want to continue this nuanced tangential discussion, > perhaps a separate thread on saag, or on Perry's cryptography list > would be more appropriate. I'm having a hard enough time keeping > track of all the on-topic LC mail. DNSSEC is a PKI, with all that that implies, yes. Mitigations for PKI's compromised-issuer MITM vulnerability: - Strong naming constraints Check! The most important mitigation is already there. DNSSEC has and necessarily had to have strong naming constraints from the get go. - CT CT for DNSSEC should fall squarely into trans WG's remit (if not now, then after a charter update to make it so). Trans WG already has been discussing CT for DNSSEC! - Pinning Pinning of services' public keys/intermediate issuer at the application layer is completely orthogonal to DNSSEC. If you're already pinning, then you are already mitigating this problem. - Things like Perspectives (which IIUC is not being pursued any longer). Nico --