Got it, glad you clarified that.
It doesn't seem as strong as HPKP though, because you're still reliant on trusted third parties with DANE. HPKP let you avoid TTPs entirely, or at least choose the ones you wanted to trust.
Conversation
Replying to
HPKP doesn't work for the first connection or when the pins have expired. DNSSEC + DANE secures the first connection. It relies on DNS as a root of trust, just like WebPKI does for DV. You can choose which TLD operator you want to trust though, instead of trusting all of them.
2
Replying to
True, though you have to trust the DNS root regardless. Also, switching TLDs would really suck if yours turns out to be untrustworthy.
1
Replying to
Many CAs are clearly untrustworthy but are still trusted by browsers because it's too hard to remove them. A website can't choose not to trust CAs for WebPKI. They have to trust all of them. The alternative is not providing things via a website. At least you CAN switch TLDs.
1
1
I think it's crucial to keep in mind that the DNS root and TLD operators are already 100% capable of obtaining valid WebPKI certificates for the websites using them. DANE is not replacing trusting all CAs with trusting TLD + root DNS but rather just removing trusting all CAs.
1
1
2
Consider it a site that uses .ly (Libya) as their TLD. The TLD operator can already take over their DNS and obtain a certificate from a CA like Let's Encrypt. This will appear in CT logs, but it is not misissuance on the part of Let's Encrypt. It helps detect it, and then what?
2
2
I don't think DANE + DNSSEC introduces any new new trust in DNS, and my suggestion is that it should only be used as an additional check when present rather than an alternative, so any value provided by WebPKI is still preserved. If sites don't like DANE they can just not use it.
1
2
DANE is particularly suitable for protocols like SMTP, which unavoidably already trust DNS, because MX records set the name to be checked in the server certificate. MTA-STS jumps through very ugly hoops (and still remains vulnerable on first contact) to try to work around this.
1
1
As for the DANE "constraint" modes (certificate usages PKIX-TA(0) and PKIX-EE(1)), yes they could be used to harden WebPKI. The major browsers are not keen on tackling the last mile problem (home routers and ISPs serve crippled DNS), which is a barrier to non-datacentre DANE.
1
Chrome opportunistically uses DNS-over-HTTPS and the user can force enable it which resolves this as an issue when it's enabled. Can't be screwed up by networks since it's just a TLS connection. Also, any DoH/DoT resolver can be quite safely assumed to not have broken DNSSEC.
2
There's similar opportunistic DNS-over-TLS / DNS-over-HTTPS in Android at an OS level with the user having the option to force enable it. They might as well be verifying DNSSEC locally when this is enabled, and it enables them to start using DANE.