Conversation

At the moment, Let's Encrypt primarily issues certificates based on insecure, authenticated HTTP-based validation of domain control. They validate DNSSEC but the HTTP-01 method by itself is insecure and the DNS-01 method requires giving servers DNS API access which isn't good.

Daniel Micay

@DanielMicay

Mar 18, 2021

community.letsencrypt.org/t/acme-caa-val (accounturi) is a feature currently available on their staging server providing a solution. The accounturi feature allows you to pin the ECDSA-based renewal account to provide a secure chain of trust from DNSSEC for issuing certificates via Let's Encrypt.

community.letsencrypt.org

ACME-CAA "validationmethods" support

On Wednesday May 30th (later this afternoon) (the change is live as of 16:44 UTC) we will enable support for the validationmethods restriction from the ACME-CAA draft standard in staging. This...

Daniel Micay

@DanielMicay

Mar 18, 2021

This feature isn't deployed on their production server yet. It's implemented for all of the GrapheneOS domains/subdomains now and we've tested across all with the Let's Encrypt staging server. Of course, you still trust every CA to validate CAA/DNSSEC and not be compromised.

Daniel Micay

@DanielMicay

Mar 18, 2021

Our public keys for all our TLS-based services are pinned across all our services via DANE TLSA records. If clients validated DNSSEC and enforced a tiny subset of DANE (public key pins for leaf certificates) it would solve the problem of needing to trust all CAs. Fix it already.

Replying to

For these purposes, what do you think of the argument that DNSSEC is inappropriate for the SSL trust model because DNS is in many countries in the direct control of the government and the government is many of those same countries a potential threat actor?

Daniel Micay

@DanielMicay

Replying to

@mcclure111

TLS trust model depends on DNS. DV certificates are issued to anyone who controls DNS. OV and EV certificates aren't useful. Browsers never displayed an indicator for OV and EV didn't accomplish much so they stripped away the indicators for that too. There's basically just DV.

7:23 PM · Mar 18, 2021Twitter Web App

Replying to

and

Let's Encrypt and other public CAs will give you a certificate to anyone who controls DNS from their perspective. If someone hijacks controls of your DNS or simply spoofs it (if you don't have DNSSEC) they can simply obtain valid Let's Encrypt certificates to use for your domain.

Replying to

and

WebPKI does nothing to proactively defend against DNS hijacking or spoofing. The only mechanism that's offered is reactive defence via Certificate Transparency (CT). CT currently depends on Expect-CT header pinning because you can spoof dates prior to Chrome requiring it.

Show replies