DNSSEC vs. X509 (Re: Security team successfully cracks SSL...)
vixie at isc.org
Tue Jan 6 05:32:36 UTC 2009
Joe Abley <jabley at hopcount.ca> writes:
> On 2009-01-05, at 15:18, Jason Uhlenkott wrote:
>> If we had DNSSEC, we could do away with SSL CAs entirely. The owner
>> of each domain or host could publish a self-signed cert in a TXT RR,
> ... or even in a CERT RR, as I heard various clever people talking about
> in some virtual hallway the other day.
i wasn't clever but i was in that hallway. it's more complicated than
RFC 2538, but there does seem to be a way forward involving SSL/TLS (to
get channel encryption) but where a self-signed key could be verified
using a CERT RR (to get endpoint identity authentication). the attacks
recently have been against MD5 (used by some X.509 CA's) and against an
X.509 CA's identity verification methods (used at certificate granting
time). no recent attack has shaken my confidence in SSL/TLS negotiation
or encryption, but frankly i'm a little worried about nondeployability
of X.509 now that i see what the CA's are doing operationally when they
start to feel margin pressure and need to keep volume up + costs down.
i don't have a specific proposal. (yet.) but i'm investigating, and i
recommend others do likewise.
More information about the NANOG