[cryptography] DNSSEC/DANE in CT. Was: Why anon-DH is less damaging than current browser PKI
guido at witmond.nl
Tue Jan 8 07:01:47 EST 2013
On 01/07/2013 08:08 PM, Ben Laurie wrote:
> On Mon, Jan 7, 2013 at 5:32 PM, Guido Witmond<guido at wtmnd.nl> wrote:
>> What I read from the certificate-transparency.org website is that it intends
>> to limit to Global CA certificates. I would urge mr Laurie and Google to
>> include all certificates, including self-signed. It would increase the value
>> of CT for me, especially in combination with DNSSEC/DANE
> The problem with self-signed for CT is twofold:
> 1. spam.
> 2. revocation.
> Given a solution to these I would happily include them in CT.
> CT + DNSSEC/DANE + self-signed is a different matter, but one that
> should probably address DNSSEC directly - that is, transparency for
> DNSSEC keys, not for TLS certs mentioned in DANE records.
I don't know enough how self signed server certificates would add to the
spam or revocation problem.
Please let me first phrase what I think I understand of CT and why I
want to include self signed certificates.
If I understand correctly:
1. CT is a way to keep/make global CAs honest by listing all
certificates signed by them, indexed by domain name.
2. CT allows to lookup hashes without leaking to third parties what
sites I browse to.
Both goals are direly needed. Thank you for pursuing it.
A global server certificate is nothing more than a binding from domain
name to a public key. It is designed to prevent a DNS-attack against my
resolver that lures me to an attacker. Secondly, it provides a key to
secure the communication against sniffing and tampering.
With DNSSEC and DANE, I don't have that problem as my resolver can
validate both the correct ip-address and the server-certificate. Even if
it is a self-signed certificate. I don't need the global CAs anymore for
Now I don't want to _trust_ DNSSEC completely either. A registrar might
get pressured to change the
ip-address and certificate for a site. In fact, DNSSEC and DANE would
make that attack easier as there is only one party to pressure. For that
you would need to log the self signed certificates, not (just) the
CT would allow me to view the history of a certificate for the domain
name. Even if it was a self signed certificate. It would let my browser
to make a more informed decision whether to trust a site as Peter
Perhaps you might want to leave the unpublished self signed certificates
out of the log, to pressure people to use either global CAs or DANE.
With regard, Guido Witmond.
More information about the cryptography