At 11:58 AM -0400 6/25/02, Keith Moore wrote:
> We seem to agree that the DNS could be sued to distribute certs, so
the question is what should the certs attest to and who should issue
them. I argue that we need certs that support validation of DNS
bindings, and that the only authoritative sources for that info are
the folks who manage the DNS.
and there is no assurance that they're trustworthy.
since trustworthiness is a relative term, that can always be said
about any CA. that's why I don't like dealing with CAs based on
trust. authoritativeness is a quality that is less contentious in
many contexts, including this one.
> Anyone else is a TTP, with all the
problems that implies.
the problems associated with TTPs may actually be less than the problems
associated with implicitly trusting the TLDs. you *choose* whether to
trust a TP. limited trust of the TLDs is essentially forced on you,
but it's a mistake to extend that trust beyond the minimum necessary.
and a DNS-based PKI would not require anyone to trust it. people
could choose to make use of it, or could continue to make use of the
insecure system we have today. nobody said that making use of the
certs would be mandatory; it would be an option we currently do not
have.
you fear that people would decide to rely on this new aspect of the
infrastructure and you think that, because of the specific
organizations operating some TLDs, that this would be a bad choice.
but, since we agree that people implicitly rely on it anyway, I don't
see the change as a a bad one.
it's one thing to get an address RR of a server from a TLD. you still
have the opportunity to authenticate that server via other means that
you trust. the worst the TLD can do in this case is a DoS attack.
OTOH if the TLD has the capability of issuing a bogus cert for the
server you want to contact, and you are foolish enough to trust it,
you're screwed. and the TLDs will mislead the public into trusting
them, because they'll be the "obvious" choice, and because there's
nobody to keep them honest.
if you really do have viable means of independently verifying the
accuracy of the binding, then you can always choose to employ them. I
think that such means are rare in practice. but, in any case, these
means could still be available.
this is why a DNS-based PKI is a Bad Idea.
OTOH being able to access TP certs via DNS could be quite useful.
the most trust that should be invested in the TLDs (or any zone)
should be the ability to authenticate the RRs in their zone,
and specifically NOT to authenticate servers. and we don't need
a DNS PKI to authenticate RRs, we have other mechanisms for that.
let's just say we disagree.
Steve