On 6 November 2013 17:35, Nicholas Weaver <[email protected]> wrote:
>
> On Nov 6, 2013, at 9:32 AM, Ben Laurie <[email protected]> wrote:
>>> The second statement, though, is not a reasonable comparison. registrars
>>> operate
>>> with the equivalent of name constraints, from a cert issuance perspective,
>>> which
>>> makes it much better that the WebPKI TA model. Even if the TAs in that model
>>> were
>>> to issue certs including a name constraints extension, the effect would
>>> not be as good as what we have in the DNSSEC/DANE environment.
>>
>> I accept that _registries_ are name constrained. Registrars less so.
>>
>> Not sure I get why this is better than name constrained certificate chains,
>> tho?
>
> You are assuming that the protocol is a "single name -> data"
That is the protocol.
> If you use DNSSEC in the context of "{multiple names} -> same data", you can
> now require that the attacker either attack multiple chains or that the
> multiple chains collude.
>
> Thus, eg, you only need to assume that BOTH mydomain.com and mydomain.ru are
> not compromised by the same attacker.
Sure, I agree you can invent new protocols with different security
properties. I have several of my own :-)
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
