On Thu, Oct 16, 2025 at 03:24:08PM -0500, Grant Taylor via mailop wrote:
> On 10/16/25 7:09 AM, Viktor Dukhovni via mailop wrote:
> > With DANE, client certificates can and SHOULD be self-signed, but can be
> > from a private CA, when that makes sense.
>
> Please elaborate on why the client certificate SHOULD be self signed or from
> a private CA /within/ /the/ /context/ /of/ /DANE/.

1. ACME CAs typically perform rather weak "domain validation"; domains
   that publish usage DANE-TA(2) TLSA records are trading security for
   illusory convenience of performing DNS updates less often. But
   with, for example, the ongoing churn in Let's Encrypt issuer CAs,
   sloppy reliance on CA stability is a bad idea.

2. With DANE-EE(3) records, unnecessary third party CAs are no longer
   part of the security model, and with a well-automated rollover
   process that prepublishes matching TLSA records *before* deploying
   new server keys, one no longer needs to operationally monitor and
   depend on the practices of an arm's-length CA.

Yes, the certs associated with the "3 1 1" keys can *also* be issued by
a WebPKI CA, but that's far from compelling for client certs, which are
much more simply self-issued; there are no MUAs evaluating client certs
that would partly motivate using a WebPKI cert in this context.
--
Viktor. 🇺🇦 Слава Україні!
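As an added illustration of the DANE-EE rollover rule in point 2 above (example code, not from the thread or any mailop participant), the script below computes "3 1 1" TLSA records over a SubjectPublicKeyInfo and reports which rollover step is safe given the records currently published; the two Ed25519 keys are constructed placeholders, not real keys.

```python
import hashlib
import re

# Constructed sample keys (not real keys). An Ed25519 SubjectPublicKeyInfo in
# DER is a fixed 12-byte header followed by the raw 32-byte public key.
ED25519_SPKI_HEADER = bytes.fromhex("302a300506032b6570032100")
SPKI_OLD = ED25519_SPKI_HEADER + bytes(range(32))       # constructed key
SPKI_NEW = ED25519_SPKI_HEADER + bytes(range(32, 64))   # constructed key

_TLSA_RE = re.compile(r"^(\d) (\d) (\d) ([0-9A-Fa-f]+)$")

def tlsa_311(spki_der):
    """RDATA with usage DANE-EE(3), selector SPKI(1), matching type SHA-256(1).
    Only the public key is hashed, so re-issuing a self-signed certificate
    for the same key leaves the record unchanged, and no CA is involved."""
    return "3 1 1 " + hashlib.sha256(spki_der).hexdigest()

def parse_tlsa(rdata):
    """Split presentation-format RDATA into (usage, selector, mtype, data)."""
    m = _TLSA_RE.match(rdata.strip())
    if not m:
        raise ValueError("malformed TLSA rdata: %r" % rdata)
    usage, selector, mtype = (int(x) for x in m.group(1, 2, 3))
    data = bytes.fromhex(m.group(4))
    if mtype == 1 and len(data) != 32:
        raise ValueError("SHA-256 matching type needs a 32-byte digest")
    return usage, selector, mtype, data

def is_valid_311(rdata):
    """True if rdata is a well-formed "3 1 1" record."""
    try:
        return parse_tlsa(rdata)[:3] == (3, 1, 1)
    except ValueError:
        return False

def rollover_step(published, old_spki, new_spki):
    """Next safe step given the TLSA RRset currently served in DNS. The record
    for the new key must be visible (and the old RRset's TTL expired) before
    the new key is deployed; otherwise peers see a key no record matches."""
    have = {parse_tlsa(r) for r in published}
    old_ok = parse_tlsa(tlsa_311(old_spki)) in have
    new_ok = parse_tlsa(tlsa_311(new_spki)) in have
    if not new_ok:
        return "prepublish"   # add the new "3 1 1" beside the old; keep the old key
    if old_ok:
        return "deploy"       # both live: once the old TTL expires, switch keys
    return "complete"         # only the new record remains; old one was removed
```

Run `rollover_step` against the RRset you actually serve before each key change; a result of "prepublish" means deploying the new key now would break verification at DANE-enforcing peers.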