mailing list archives
DNSSEC vs. X509 (Re: Security team successfully cracks SSL...)
From: Paul Vixie <vixie () isc org>
Date: Tue, 06 Jan 2009 05:32:36 +0000
Joe Abley <jabley () hopcount ca> writes:
On 2009-01-05, at 15:18, Jason Uhlenkott wrote:
If we had DNSSEC, we could do away with SSL CAs entirely. The owner
of each domain or host could publish a self-signed cert in a TXT RR,
... or even in a CERT RR, as I heard various clever people talking about
in some virtual hallway the other day.
i wasn't clever but i was in that hallway. it's more complicated than
RFC 2538, but there does seem to be a way forward involving SSL/TLS (to
get channel encryption) but where a self-signed key could be verified
using a CERT RR (to get endpoint identity authentication). the attacks
recently have been against MD5 (used by some X.509 CA's) and against an
X.509 CA's identity verification methods (used at certificate granting
time). no recent attack has shaken my confidence in SSL/TLS negotiation
or encryption, but frankly i'm a little worried about nondeployability
of X.509 now that i see what the CA's are doing operationally when they
start to feel margin pressure and need to keep volume up + costs down.
i don't have a specific proposal. (yet.) but i'm investigating, and i
recommend others do likewise.