On 2/11/11 4:39 AM, Rob Stradling wrote:
On Friday 11 Feb 2011 05:08:10 Steve Schultze wrote:
<snip>
- OCSP and CRLs are unnecessary with DANE

Steve, may we presume that you only intended this statement to apply to the
use of self-signed certs with DANE?

When an EV (or OV) certificate issued by a third-party CA is used with DANE, I
would argue that OCSP and CRLs are still essential, because these certificates
make claims (about organizational identity) that can't be assured by
DNS(SEC)/DANE.

When a DV certificate issued by a third-party CA is used with DANE, I would
argue that OCSP and CRLs may be less than essential but they are still useful
(e.g. the CA may subsequently detect that the key or hash algorithm used in
the certificate is weak).

I meant that DANE's "revocation" of any of its prior assertions is built into the architecture via DNS TTL and removal of records.

For CA-issued certs that contain greater-than-domain-validation data, the CA needs the ability to revoke the certificate. This is because they are the ones that made the assertion in the first place.

Perhaps there is some argument that even for DV certs CAs will be better about detecting weak key or hash algorithms, but as I noted elsewhere in my message we have repeatedly seen that the best way to do this is to implement hard client checks rather than trying to get hundreds of CAs in line. In any case, the "revocation" mechanism of DANE is far more straightforward.

Thus, the CA DV model provides no clear comparative benefit with respect to revocation abilities. In fact, by removing the need to proactively revoke, DANE reduces the spectrum of exploits. It also places revocation power directly in the hands of the subscriber.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
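The "revocation via DNS TTL and removal of records" mechanism discussed above, as an added illustration that is not part of the original thread or of any DANE implementation: a minimal TLSA matcher (RFC 6698 selector/matching-type semantics) driven by a toy authoritative zone and a toy caching resolver. The certificate and SubjectPublicKeyInfo blobs are constructed placeholder byte strings, not real DER; the record name, TTL and class names are assumptions made for the example. Running the demo shows the point a defender cares about: after the operator withdraws the TLSA record, a resolver that still holds a cached copy keeps accepting the key until the TTL lapses, so the effective revocation delay is the published TTL.

```python
"""Added example: DANE 'revocation' by TLSA record removal and DNS TTL expiry.
All data below is constructed; this is not code from the original thread."""
import hashlib
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple


@dataclass(frozen=True)
class TLSARecord:
    """One TLSA RR (RFC 6698): usage, selector, matching type, association data."""
    usage: int            # 3 = DANE-EE: end-entity key pinned directly in DNS
    selector: int         # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int    # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    cert_association: bytes


def tlsa_matches(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """Return True if the presented certificate satisfies this TLSA record."""
    selected = cert_der if record.selector == 0 else spki_der
    if record.matching_type == 0:
        digest = selected
    elif record.matching_type == 1:
        digest = hashlib.sha256(selected).digest()
    elif record.matching_type == 2:
        digest = hashlib.sha512(selected).digest()
    else:
        return False  # unknown matching type: record is unusable
    return digest == record.cert_association


@dataclass
class _CacheEntry:
    records: FrozenSet[TLSARecord]
    expires_at: float


class AuthoritativeZone:
    """Toy zone: the subscriber publishes and withdraws TLSA RRsets here."""

    def __init__(self) -> None:
        self._rrsets: Dict[str, Tuple[FrozenSet[TLSARecord], int]] = {}

    def publish(self, name: str, records: Iterable[TLSARecord], ttl: int) -> None:
        self._rrsets[name] = (frozenset(records), ttl)

    def remove(self, name: str) -> None:
        """The DANE 'revocation' step: simply pull the assertion from DNS."""
        self._rrsets.pop(name, None)

    def lookup(self, name: str) -> Tuple[FrozenSet[TLSARecord], int]:
        return self._rrsets.get(name, (frozenset(), 0))


class CachingResolver:
    """Toy recursive resolver honouring TTLs; models the delay before removal is seen."""

    def __init__(self, zone: AuthoritativeZone) -> None:
        self._zone = zone
        self._cache: Dict[str, _CacheEntry] = {}

    def resolve(self, name: str, now: float) -> FrozenSet[TLSARecord]:
        entry = self._cache.get(name)
        if entry is None or now >= entry.expires_at:
            records, ttl = self._zone.lookup(name)   # refetch once the TTL has lapsed
            entry = _CacheEntry(records, now + ttl)
            self._cache[name] = entry
        return entry.records


def dane_accepts(resolver: CachingResolver, name: str,
                 cert_der: bytes, spki_der: bytes, now: float) -> bool:
    """Client side: accept the certificate iff some usable TLSA record matches it."""
    return any(tlsa_matches(r, cert_der, spki_der) for r in resolver.resolve(name, now))


def demo(ttl: int = 3600) -> Tuple[bool, bool, bool]:
    """Publish, withdraw, and observe when a caching client stops accepting the key."""
    # Constructed stand-ins for DER-encoded blobs (not real ASN.1).
    cert_der = b"CONSTRUCTED-CERT-DER:example.net:key-2011"
    spki_der = b"CONSTRUCTED-SPKI-DER:example.net:key-2011"
    name = "_443._tcp.example.net."            # assumed TLSA owner name
    record = TLSARecord(usage=3, selector=1, matching_type=1,
                        cert_association=hashlib.sha256(spki_der).digest())
    zone = AuthoritativeZone()
    resolver = CachingResolver(zone)
    zone.publish(name, [record], ttl)

    before = dane_accepts(resolver, name, cert_der, spki_der, now=0)
    zone.remove(name)                           # subscriber withdraws the assertion
    stale = dane_accepts(resolver, name, cert_der, spki_der, now=ttl // 2)  # cached copy still served
    after = dane_accepts(resolver, name, cert_der, spki_der, now=ttl)       # TTL lapsed: re-fetch finds nothing
    return before, stale, after


if __name__ == "__main__":
    print("accepted before removal, within TTL after removal, after TTL:", demo())
```

Shortening the TTL on the TLSA RRset ahead of a planned key change is the operational lever this model exposes: the `stale` window is exactly the TTL that was published before the record was withdrawn.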
