[ I agree that this thread is off topic for this WG, thus below just a short OT aside on some oft-repeated critiques of DNSSEC. ]

> On Nov 12, 2018, at 2:15 PM, Tony Arcieri <basc...@gmail.com> wrote:
>
> The cryptography employed by the X.509 PKI is substantially more modern than
> what's in DNSSEC. Much of DNSSEC's security comes down to 1024-bit or
> 1280-bit RSA ZSKs.

It is true that while the KSKs tend to be 2048-bit RSA, ZSKs are typically 1024 or 1280 bits.

http://stats.dnssec-tools.org/#keysize

That said, all the TLDs are using 2048-bit KSKs, and we're seeing increasing adoption of ECDSA in DNSSEC:

http://stats.dnssec-tools.org/#parameter

and the .CZ and .BR TLDs switched to ECDSA this year, and more will likely follow.

Furthermore, the weakest link in the chain for both WebPKI and DNSSEC is not the cryptography. Rather it is operational weaknesses in the enrollment processes.

For WebPKI, we basically have TOFU by the CA based on apparent unauthenticated control of a TCP endpoint as the basis of certificate issuance, occasionally strengthened via DNSSEC(!) validated CAA records and/or ACME challenges.

For DNSSEC, the domain administrator actually has login credentials at the registrar, and domain control does not require a leap of faith; it is a fundamental fact of the registrant/registrar bilateral relationship. There's no third party trying to bootstrap trust from indirect evidence.

What's more, anyone who can compromise the registrar account and take over your DNS can quickly obtain a WebPKI certificate as a trophy of their accomplishment. :-)

So the WebPKI picture isn't especially better; there are pros and cons in each space.

> Furthermore DNSSEC deployment in general lags behind the X.509 PKI
> significantly.
> In general attempts to bolster browser security with DNSSEC have failed due to
> DNSSEC misconfigurations or outages.

Certificate renewals are also botched from time to time, but we've not abandoned the WebPKI.

The main barriers to DNSSEC are last-mile issues, and poor support for DS record enrollment at some registrars. Zone signing tools have been difficult to use, but are much improved lately.

-- 
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
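The key-size discussion above (1024/1280-bit RSA ZSKs versus 2048-bit KSKs, and the move to ECDSA) is the kind of thing a zone operator can audit from their own DNSKEY RRset. The script below is an added example, not code from the thread or from any DNSSEC tool: it parses DNSKEY records in presentation format, decodes RFC 3110 RSA public keys to recover the modulus length, and flags ZSKs/KSKs whose RSA modulus falls under an assumed local policy threshold or that still use a SHA-1 based algorithm. The sample records, the key material, the zone names and the `MIN_RSA_BITS` threshold are all constructed for the example; algorithm numbers come from the IANA DNSSEC algorithm registry.

```python
import base64
import struct

# IANA DNSSEC algorithm numbers (registry values, not taken from the thread).
RSA_ALGS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512"}
SHA1_ALGS = {5, 7}
# Algorithms whose key size is fixed by the curve, so no decoding is needed.
FIXED_SIZE_ALGS = {13: ("ECDSAP256SHA256", 256), 14: ("ECDSAP384SHA384", 384),
                   15: ("ED25519", 256), 16: ("ED448", 456)}

MIN_RSA_BITS = 2048  # assumed local policy threshold for this example


def rsa_modulus_bits(pubkey: bytes) -> int:
    """Return the modulus length of an RFC 3110 RSA public key.

    Wire layout: exponent length (1 byte, or 0 followed by a 2-byte length),
    then the exponent, then the modulus.
    """
    if not pubkey:
        raise ValueError("empty RSA key")
    exp_len, offset = pubkey[0], 1
    if exp_len == 0:
        exp_len = struct.unpack("!H", pubkey[1:3])[0]
        offset = 3
    modulus = pubkey[offset + exp_len:]
    if not modulus:
        raise ValueError("truncated RSA key")
    return int.from_bytes(modulus, "big").bit_length()


def parse_dnskey(rr: str) -> dict:
    """Parse 'owner TTL IN DNSKEY flags protocol algorithm base64...' into a dict."""
    fields = rr.split()
    idx = fields.index("DNSKEY")
    flags, _proto, alg = (int(x) for x in fields[idx + 1:idx + 4])
    key = base64.b64decode("".join(fields[idx + 4:]))  # key may be whitespace-split
    role = "KSK" if flags & 1 else "ZSK"  # SEP bit set => key-signing key
    if alg in RSA_ALGS:
        name, bits = RSA_ALGS[alg], rsa_modulus_bits(key)
    elif alg in FIXED_SIZE_ALGS:
        name, bits = FIXED_SIZE_ALGS[alg]
    else:
        name, bits = f"alg{alg}", None
    return {"owner": fields[0], "role": role, "alg": alg, "alg_name": name, "bits": bits}


def audit(records) -> list:
    """Return human-readable findings for weak or deprecated DNSKEYs."""
    findings = []
    for rr in records:
        k = parse_dnskey(rr)
        where = f"{k['owner']} {k['role']}"
        if k["alg"] in RSA_ALGS and k["bits"] < MIN_RSA_BITS:
            findings.append(f"{where}: RSA {k['bits']}-bit modulus below {MIN_RSA_BITS}")
        if k["alg"] in SHA1_ALGS:
            findings.append(f"{where}: SHA-1 based algorithm {k['alg']} ({k['alg_name']})")
    return findings


def _constructed_rsa_key(bits: int) -> str:
    """Build a syntactically valid (not cryptographically real) RFC 3110 key."""
    exponent = b"\x01\x00\x01"                      # 65537
    modulus = b"\xc3" + b"\x5a" * (bits // 8 - 1)   # top bit set => exact length
    return base64.b64encode(bytes([len(exponent)]) + exponent + modulus).decode()


_ECDSA_KEY = base64.b64encode(b"\x11" * 64).decode()  # constructed 64-byte P-256 point

# Constructed sample RRset: a 2048-bit KSK, a 1024-bit ZSK, an ECDSA ZSK,
# and a legacy 1280-bit RSASHA1 ZSK in another zone.
SAMPLE_DNSKEYS = [
    f"example.test. 3600 IN DNSKEY 257 3 8 {_constructed_rsa_key(2048)}",
    f"example.test. 3600 IN DNSKEY 256 3 8 {_constructed_rsa_key(1024)}",
    f"example.test. 3600 IN DNSKEY 256 3 13 {_ECDSA_KEY}",
    f"legacy.test. 3600 IN DNSKEY 256 3 5 {_constructed_rsa_key(1280)}",
]

if __name__ == "__main__":
    for line in audit(SAMPLE_DNSKEYS):
        print(line)
```

On a real zone you would feed the output of `dig +short DNSKEY <zone>` (prefixed with the owner name) or the zone file's DNSKEY lines into `audit()`; the parser tolerates the base64 key being split across several whitespace-separated fields, which is how most tools print it.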