Conversation

This Tweet was deleted by the Tweet author. Learn more
Rich Felker
@RichFelker
Replying to
@DanielMicay
Please don't let them impose inane policies on what sort of DANE records are acceptable for web. Anything should be accepted and completely override webpki if DANE semantics say it does (DANE-EE(3) or -TA(2) vs PKIX-*(0 or 1)).
3
Pascal Ernster 🏳️‍🌈
@srslypascal
Replying to
@RichFelker
and
@DanielMicay
No. DANE-TA and DANE-TE allow TLD operators (and thus anyone who can force them through shady court orders) to completely circumvent TLS without even leaving a trace. PKIX-TA and PKIX-EE would at least force them to leave a trace within the certificate transparency logs.
1
Rich Felker
@RichFelker
Replying to
@srslypascal
and
@DanielMicay
This threat is overstated to the point of being standard anti-DNSSEC FUD, but indeed we do need a DNSSEC analogue of CT. Unlike with webpki CT, it doesn't require trusting CAs to adhere to policy to create such a thing; it can be constructed from observation.
3
Pascal Ernster 🏳️‍🌈
@srslypascal
Replying to
@RichFelker
and
@DanielMicay
You'd still be able to circumvent that through split horizon DNS. IMO there needs to be a way to enforce that all DS records and proofs of non-existence of DS records at the TLD level be signed by and committed to trustworthy public append-only logs.
1
Rich Felker
@RichFelker
Replying to
@srslypascal
and
@DanielMicay
I don't follow what you're saying you'd be circumventing. The idea is that someone, somewhere sees the forged DS and submits it to an append-only log because doing so is well inventivized. And if you see one nobody else is submitting yet, it's likely forged.
1
Daniel Micay
@DanielMicay
Replying to
@RichFelker
and
@srslypascal
In theory, there could be Certificate Transparency logs simply accepting self-signed certificates. The issue would be convincing a bunch of organizations to run those kinds of logs and coming up with mitigations to deal with spam that would usually be offloaded to the CAs.
2