Conversation

The right way to use DANE is pinning keys. I don't think it makes much sense to use it to pin certificates. As a key pinning mechanism it's perfectly suited to be an additional security check and can live happily alongside Web PKI. CT is a nice check on registrars, not just CAs.
If you're thinking about DANE for HTTPS, yes, PKIX-EE(1) is reasonably fit for purpose, if/when (some day) the browsers actually implement DANE. For SMTP, Web PKI is not a good fit. See section 1.3 of RFC7672. MTA-STS is a kludge. Web PKI, btw, is just as vulnerable to registrars.
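The distinction drawn above between pinning keys and pinning certificates maps directly onto the TLSA selector field (1 = SubjectPublicKeyInfo, 0 = full certificate), and the usage field (3 = DANE-EE, 1 = PKIX-EE) decides whether Web PKI chain validation is required on top of the match. The following is an added example, not code from the thread or from any project mentioned in it: it builds TLSA record data from a certificate, matches a presented certificate against it, and shows that a key pin survives a renewal that keeps the same key while a certificate pin does not. The certificates are constructed fixtures built in-line with a minimal DER encoder (unsigned, with a made-up Ed25519 key), and the hostname `mail.example.net` is an assumption; only `hashlib` is used.

```python
"""DANE TLSA matching for end-entity usages (added example; fixtures are constructed)."""
import hashlib

# ---- minimal DER encoder, enough to build a Certificate fixture ----
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, payload):
    return bytes([tag]) + der_len(len(payload)) + payload

def der_seq(*items):
    return der(0x30, b"".join(items))

def der_int(value):
    # length chosen so a set top bit gets a leading zero (positive INTEGER)
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

ED25519_OID = der(0x06, b"\x2b\x65\x70")  # 1.3.101.112

def ed25519_spki(pubkey32):
    """SubjectPublicKeyInfo { AlgorithmIdentifier { id-Ed25519 }, BIT STRING key }."""
    return der_seq(der_seq(ED25519_OID), der(0x03, b"\x00" + pubkey32))

def make_cert(serial, spki_der):
    """Unsigned X.509 v3 fixture; the signature is zero-filled, so it is a test
    object only. Field order follows RFC 5280 TBSCertificate."""
    alg = der_seq(ED25519_OID)
    cn = der_seq(der(0x06, b"\x55\x04\x03"), der(0x0C, b"mail.example.net"))  # CN
    name = der_seq(der(0x31, cn))
    validity = der_seq(der(0x17, b"240101000000Z"), der(0x17, b"250101000000Z"))
    tbs = der_seq(der(0xA0, der_int(2)), der_int(serial), alg, name, validity, name, spki_der)
    return der_seq(tbs, alg, der(0x03, b"\x00" + bytes(64)))

# ---- minimal DER reader, enough to pull the SPKI out of a certificate ----
def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def spki_from_cert(cert_der):
    """Walk Certificate -> TBSCertificate -> SubjectPublicKeyInfo (whole TLV)."""
    _, cert_body, _ = der_read(cert_der)
    _, tbs, _ = der_read(cert_body)
    tag, _, pos = der_read(tbs, 0)          # optional [0] EXPLICIT version
    if tag != 0xA0:
        pos = 0                             # v1 cert: first element is the serial
    for _ in range(5):                      # serial, signature, issuer, validity, subject
        _, _, pos = der_read(tbs, pos)
    _, _, end = der_read(tbs, pos)
    return tbs[pos:end]

# ---- TLSA (RFC 6698) record data and matching for usages 1 and 3 ----
def tlsa_record(cert_der, usage=3, selector=1, mtype=1):
    """Return (usage, selector, matching_type, hex_data) for the certificate."""
    data = cert_der if selector == 0 else spki_from_cert(cert_der)
    if mtype == 1:
        data = hashlib.sha256(data).digest()
    elif mtype == 2:
        data = hashlib.sha512(data).digest()
    elif mtype != 0:
        raise ValueError("matching type must be 0, 1 or 2")
    return (usage, selector, mtype, data.hex())

def format_tlsa(owner, rr):
    usage, selector, mtype, hexdata = rr
    return f"{owner} IN TLSA {usage} {selector} {mtype} {hexdata}"

def tlsa_matches(cert_der, rr, pkix_valid=False):
    """DANE-EE(3) needs only the association to match; PKIX-EE(1) additionally
    needs the caller to have done Web PKI chain validation (pkix_valid)."""
    usage, selector, mtype, hexdata = rr
    if usage not in (1, 3):
        raise ValueError("only end-entity usages 1 and 3 are handled here")
    if usage == 1 and not pkix_valid:
        return False
    return tlsa_record(cert_der, usage, selector, mtype)[3] == hexdata

def demo():
    """Renewal keeps the key (serial changes): selector 1 still matches, selector 0 does not.
    Key rotation: neither the old key pin nor the old cert pin matches."""
    spki = ed25519_spki(bytes(range(32)))            # constructed key bytes
    old_cert = make_cert(0x1001, spki)
    renewed = make_cert(0x1002, spki)                # same key, new certificate
    rotated = make_cert(0x1003, ed25519_spki(bytes(range(32, 64))))
    key_pin = tlsa_record(old_cert, 3, 1, 1)
    cert_pin = tlsa_record(old_cert, 3, 0, 1)
    return {
        "key_pin_old": tlsa_matches(old_cert, key_pin),
        "key_pin_renewed": tlsa_matches(renewed, key_pin),
        "key_pin_rotated": tlsa_matches(rotated, key_pin),
        "cert_pin_old": tlsa_matches(old_cert, cert_pin),
        "cert_pin_renewed": tlsa_matches(renewed, cert_pin),
    }

if __name__ == "__main__":
    spki = ed25519_spki(bytes(range(32)))
    print(format_tlsa("_25._tcp.mail.example.net.", tlsa_record(make_cert(0x1001, spki))))
    print(demo())
```

Publishing a `3 1 1` record therefore lets the operator renew certificates at will as long as the key is kept, and only a planned key rotation needs a DNS change (publish the new key's record alongside the old one before switching). A `3 0 1` record has to be updated on every renewal, which is the operational reason the thread's first post prefers pinning keys.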
> For SMTP, web PKI is not a good fit. See section 1.3 of RFC7672. MTA-STS is a kludge.

It works fine. MTA-STS is certainly a kludge since it should just be the only option. People who want to run their own mail server and still receive mail can set up a valid certificate.
> WebPKI btw., is just as vulnerable to registrars

CT with enforcement of SCTs at least provides an audit trail to detect a compromise or malicious behavior. There isn't a choice between using Web PKI or DANE since they work fine together. Don't see why someone wouldn't do both.
CT works much better in theory than in practice. Only the big players have the resources to audit the logs and determine whether any unauthorised certificates have been issued. It is a pretty high cost to avoid forgery of certificates for Google, and at best works after the fact.
It hardly takes a lot of resources, especially for a clean / simple setup. I would expect that the complexity of the setup reflects the resources of the organization and if there's an over-engineered sprawling mess that's a whole separate problem. How are they going to use DANE?
If someone can set up DANE, they're in a position to audit CT logs for certificates issued with the wrong key. As I mentioned earlier, I don't see why these things are presented as alternatives when they work fine alongside each other. Doing both is the most practical / secure.
I don't disagree with you about DANE being a better approach and easy to setup. I just think that Web PKI has both practical value (dealing with anyone not using DANE) and actual value via CT which can also be considered to place a check on registrars too, not just CAs.
Web PKI is worthless for SMTP without MTA-STS or PKIX-EE because otherwise using TLS at all is opportunistic, and accepting an untrusted key is still far better than sending in the clear. And MTA-STS is a standards-hostile Rube Goldberg machine dependent on web infrastructure.