Gerv, rather than start by digging into the specific technical details, let me ask a high level question.
Suppose I have deployed DNSSEC for my domain tlrmx.org and I have a CAA record saying to only permit the non-existent Gotham Certificates gotham.example to issue. You say you don't want CAs to need to implement DNSSEC. But you also don't want them issuing for my domain. How did you imagine this circle would be squared?

If a CA doesn't implement DNSSEC, bad guys can send them a forged answer to any query and they'll believe it. We might say to ourselves "Oh, the CA should take reasonable precautions to prevent that" but, er, the reasonable precaution is to implement DNSSEC.

The arguments against DNSSEC in ordinary clients end up being about practicality: it would be difficult and costly. Ok. But running a public CA is already difficult and costly. Trustworthiness is not cheap.

I've also seen a few complaints about DNSSEC being slow at scale. As I understand it, Let's Encrypt used DNSSEC at scale from its inception. Whether they're really "biggest" in some sense is debatable, but they're definitely not a boutique outfit; if they can do it then it's clearly not impossible.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
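The scenario in the post, worked through as an added example that is not part of the original message: a CA-side "may this CA issue?" check over a CAA RRset that refuses to act on any answer a validating resolver did not mark as DNSSEC-authenticated. The domain tlrmx.org and the issuer gotham.example are the post's; the DNS header values, the CAA records and the iodef URL are constructed sample data. It assumes the resolver reports validation through the AD bit in the header, models a single RRset (the parent-walk of RFC 8659 section 3 is not performed), and implements the issue/issuewild selection and critical-flag rule of RFC 8659 as I understand them; it is my code, not any CA's.

```python
"""
Added example, not from the mailing-list post: minimal CAA issuance check
that treats a non-DNSSEC-validated answer as untrusted.

Assumptions (mine): a validating resolver sets the AD bit on validated
answers; only the RRset for the exact name is considered; tlrmx.org and
gotham.example come from the post, all other values are constructed.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

CAA_CRITICAL = 0x80              # issuer-critical flag (RFC 8659 section 4.1)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
DNS_FLAG_AD = 0x0020             # "authenticated data" bit in the header flags


@dataclass
class CaaRecord:
    flags: int
    tag: str
    value: str


def encode_caa_rdata(flags: int, tag: str, value: str) -> bytes:
    """Build CAA RDATA in wire form: flags, tag length, tag, value."""
    tag_b = tag.encode("ascii")
    return bytes([flags & 0xFF, len(tag_b)]) + tag_b + value.encode("ascii")


def parse_caa_rdata(rdata: bytes) -> CaaRecord:
    """Parse wire-form CAA RDATA, rejecting truncated or malformed input."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or 2 + tag_len > len(rdata):
        raise ValueError("CAA tag length out of range")
    tag = rdata[2:2 + tag_len].decode("ascii")
    if not tag.isalnum():
        raise ValueError("CAA tag must be alphanumeric")
    value = rdata[2 + tag_len:].decode("ascii")
    return CaaRecord(flags, tag.lower(), value)


def header_is_authenticated(header: bytes) -> bool:
    """True if the AD bit is set in a 12-byte DNS message header."""
    _, flags, *_ = struct.unpack("!6H", header[:12])
    return bool(flags & DNS_FLAG_AD)


def issuer_domain(value: str) -> str:
    """'gotham.example; accounturi=...' -> 'gotham.example'; ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(header: bytes, rrset: List[bytes], ca: str,
                 wildcard: bool = False) -> Tuple[bool, str]:
    """Decide whether `ca` may issue, given the answer header and CAA RRset."""
    if not header_is_authenticated(header):
        # Without validation a forged answer is indistinguishable from a real one.
        return False, "answer not DNSSEC-validated (AD clear); treating as untrusted"
    records = [parse_caa_rdata(r) for r in rrset]
    for rec in records:
        if rec.flags & CAA_CRITICAL and rec.tag not in KNOWN_TAGS:
            return False, f"unrecognised critical property {rec.tag!r}"
    issue = [r for r in records if r.tag == "issue"]
    issuewild = [r for r in records if r.tag == "issuewild"]
    # Wildcard requests use issuewild if any exist, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True, "no issue restriction published"
    for rec in relevant:
        if issuer_domain(rec.value) == ca.lower():
            return True, f"authorised by {rec.tag} {rec.value!r}"
    return False, f"{ca} not listed in {len(relevant)} relevant record(s)"


# Constructed sample data, not captured DNS traffic.
AUTHENTICATED_HEADER = struct.pack("!6H", 0x1234, 0x81A0, 1, 1, 0, 0)    # QR RD RA AD
UNAUTHENTICATED_HEADER = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)  # QR RD RA
TLRMX_CAA = [encode_caa_rdata(0, "issue", "gotham.example"),
             encode_caa_rdata(0, "iodef", "https://caa-reports.example/")]

if __name__ == "__main__":
    for ca in ("gotham.example", "other-ca.example"):
        print(ca, ca_may_issue(AUTHENTICATED_HEADER, TLRMX_CAA, ca))
    # A spoofed, unvalidated answer naming another CA must not be trusted.
    forged = [encode_caa_rdata(0, "issue", "other-ca.example")]
    print("forged:", ca_may_issue(UNAUTHENTICATED_HEADER, forged, "other-ca.example"))
```

The point of the AD check is the one the post makes: the CAA logic itself is simple, but its result is only as good as the answer it runs on, so the function fails closed when validation is absent rather than attempting to reason about a reply that anyone on the path could have forged.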

