On Nov 6, 2013, at 9:32 AM, Ben Laurie <[email protected]> wrote:

>> The second statement, though, is not a reasonable comparison. Registrars operate
>> with the equivalent of name constraints, from a cert issuance perspective, which
>> makes it much better than the WebPKI TA model. Even if the TAs in that model were
>> to issue certs including a name constraints extension, the effect would
>> not be as good as what we have in the DNSSEC/DANE environment.
>
> I accept that _registries_ are name constrained. Registrars less so.
>
> Not sure I get why this is better than name constrained certificate chains,
> tho?
You are assuming that the protocol is a "single name -> data"

If you use DNSSEC in the context of "{multiple names} -> same data", you can now require that the attacker either attack multiple chains or that the multiple chains collude.

Thus, e.g., you only need to assume that BOTH mydomain.com and mydomain.ru are not compromised by the same attacker.
--
Nicholas Weaver                 it is a tale, told by an idiot,
[email protected]                full of sound and fury,
510-666-2903                    signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
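An added illustration of the "{multiple names} -> same data" argument above (example code, not part of the original message): the same DANE-style record is fetched under names anchored in different registries, and the data is accepted only when every chain validated and all chains agree. The record values and the last-label registry heuristic are constructed assumptions.

```python
"""Cross-check one piece of data published under several names whose
DNSSEC chains are anchored in different registries (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Answer:
    name: str        # owner name the record was fetched under
    value: str       # e.g. a TLSA record's association data (constructed)
    validated: bool  # resolver set the AD bit: the DNSSEC chain checked out


def registry_of(name: str) -> str:
    """Assumption: the last label names the registry anchoring the chain.
    Good enough for mydomain.com / mydomain.ru; real suffix lists are longer."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def cross_chain_check(answers, min_chains=2):
    """Accept the data only if it is identical across at least `min_chains`
    independently anchored, DNSSEC-validated chains.
    Returns (accepted, value_or_reason)."""
    if not all(a.validated for a in answers):
        return False, "unvalidated chain present"
    registries = {registry_of(a.name) for a in answers}
    if len(registries) < min_chains:
        return False, "chains are not independent (same registry)"
    values = {a.value for a in answers}
    if len(values) != 1:
        return False, "chains disagree: one may be compromised"
    return True, values.pop()


# Constructed sample: one TLSA association published under two names.
GOOD = [Answer("_443._tcp.mydomain.com", "3 1 1 0123abcd", True),
        Answer("_443._tcp.mydomain.ru", "3 1 1 0123abcd", True)]
# A tampered .com answer no longer matches the .ru chain, so it is rejected.
FORGED_COM = [Answer("_443._tcp.mydomain.com", "3 1 1 ffffffff", True),
              Answer("_443._tcp.mydomain.ru", "3 1 1 0123abcd", True)]
# Two names under one registry do not give an attacker two chains to break.
SAME_REGISTRY = [Answer("a.mydomain.com", "3 1 1 0123abcd", True),
                 Answer("b.mydomain.com", "3 1 1 0123abcd", True)]

if __name__ == "__main__":
    for label, answers in [("good", GOOD), ("forged_com", FORGED_COM),
                           ("same_registry", SAME_REGISTRY)]:
        print(label, cross_chain_check(answers))
```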
