On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:
> I don't think that this comparison is particularly apt.The
> representation in HSTS is simply "I support HSTS". The representation
> in HPKP is "I will use either consistent keying material *or* a
> consistent set of CAs". The representation here is "I will continue to
> have DNSSEC-signed DANE records". That is a significantly more risky
> proposition than continuing to support TLS (and I'm ignoring the risk
> of hijacking attacks that people were concerned with with HPKP), and
> so this seems rather more like HPKP to me.

Without a TTL (with zero meaning "clear the pin to DANE") this extension
can only really be used with mandatory-to-use-with-DANE protocols, where
the commitment to "continue to have DNSSEC-signed DANE records" is

The TTL allows one to put a bound on that commitment, thus alleviating
the risk.

That's the whole point: to alleviate the risk of commitment to DANE in
order to not discourage opportunistic deployment.


TLS mailing list

Reply via email to