[cryptography] DNSSEC/DANE in CT. Was: Why anon-DH is less damaging than current browser PKI

Guido Witmond guido at witmond.nl
Tue Jan 8 07:01:47 EST 2013

On 01/07/2013 08:08 PM, Ben Laurie wrote:
> On Mon, Jan 7, 2013 at 5:32 PM, Guido Witmond<guido at wtmnd.nl>  wrote:
>> What I read from the certificate-transparency.org website is that it intends
>> to limit to Global CA certificates. I would urge mr Laurie and Google to
>> include all certificates, including self-signed. It would increase the value
>> of CT for me, especially in combination with DNSSEC/DANE
> The problem with self-signed for CT is twofold:
> 1. spam.
> 2. revocation.
> Given a solution to these I would happily include them in CT.
> CT + DNSSEC/DANE + self-signed is a different matter, but one that
> should probably address DNSSEC directly - that is, transparency for
> DNSSEC keys, not for TLS certs mentioned in DANE records.

I don't know enough how self signed server certificates would add to the 
spam or revocation problem.

Please let me first phrase what I think I understand of CT and why I 
want to include self signed certificates.

If I understand correctly:
1. CT is a way to keep/make global CAs honest by listing all 
certificates signed by them, indexed by domain name.
2. CT allows to lookup hashes without leaking to third parties what 
sites I browse to.

Both goals are direly needed. Thank you for pursuing it.

A global server certificate is nothing more than a binding from domain 
name to a public key. It is designed to prevent a DNS-attack against my 
resolver that lures me to an attacker. Secondly, it provides a key to 
secure the communication against sniffing and tampering.

With DNSSEC and DANE, I don't have that problem as my resolver can 
validate both the correct ip-address and the server-certificate. Even if 
it is a self-signed certificate. I don't need the global CAs anymore for 

Now I don't want to _trust_ DNSSEC completely either. A registrar might 
get pressured to change the
ip-address and certificate for a site. In fact, DNSSEC and DANE would 
make that attack easier as there is only one party to pressure. For that 
you would need to log the self signed certificates, not (just) the 

CT would allow me to view the history of a certificate for the domain 
name. Even if it was a self signed certificate. It would let my browser 
to make a more informed decision whether to trust a site as Peter 
Gutmann promotes.

Perhaps you might want to leave the unpublished self signed certificates 
out of the log, to pressure people to use either global CAs or DANE.

With regard, Guido Witmond.

More information about the cryptography mailing list