On Nov 23, 2020, at 6:20 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> 
> On Mon, Nov 23, 2020 at 12:49:25PM +0100, Peter van Dijk wrote:
>> On Fri, 2020-11-20 at 20:47 +0100, Vladimír Čunát wrote:
>>> 
>>> In retrospect I see that what I wrote is very similar to Manu's
>>> "Do9" except for replacing WebPKI by TLSA, with all their pros
>>> and cons:
>>> https://datatracker.ietf.org/meeting/104/materials/slides-104-dprive-dot-for-insecure-delegations-01
>> 
>> WebPKI has excellent latency properties compared to TLSA. In more
>> words: a parent-side signal that does not pin keys, but does
>> authenticate names, would allow WebPKI based DoT with zero extra
>> queries compared to current non-DoT operations.
> 
> The WebPKI folks would really hate that, due to the serious
> ossification concerns it would pose to WebPKI. And by the history of DNS,
> those concerns are very much warranted (DNSSEC root key rollover was
> the most obvious example). There have been a number of incidents where
> non-web use of WebPKI has caused significant headaches for WebPKI
> folks.

Fully agree, and thus we should not use the WebPKI. We can create our own 
DNSPKI, and invite WebPKI CAs to participate under rules we (for some 
yet-to-be-defined definition of "we") set up. For example:

> On the other side, there are very real concerns about security of
> WebPKI. Some of the approved validation methods are downright scary.

Exactly. We now have 25 years of experience to say "we only allow these 
validation mechanisms, not those".

> Then security of WebPKI is fundamentally based on DNS (despite it managing
> to collect more single points of failure), so using it in DNS would
> cause a cyclic dependency with non-obvious implications.

That is not inherently true. Newer authentication mechanisms are much more 
robust than the old "look it up in the DNS, do a nonce check, done". Again, the 
rules can be set by us, and if only a small number of CAs can (or want to) meet 
those rules, that's fine.

The fact that we already have DNSSEC greatly helps the situation over what the 
WebPKI people have. We can leverage that.

And, of course, there will be people who refuse to use any kind of PKI other 
than DNSSEC for DNS-related uses. That's fine. DNSPKI would be a second, 
optional mechanism. It would never replace DNSSEC.

--Paul Hoffman

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy