[Ach] bettercrypto.org cert blocked in chrome 56

sivmu sivmu at web.de
Tue Nov 29 21:41:34 CET 2016

Am 29.11.2016 um 11:46 schrieb Alice Wonder:

>> DANE has its onw drawbacks, and also provides only an alternative cert
>> autority system (the DNS root) which has the same or at least simular
>> problems the the existing one. It provides additional security yes, but
>> it is not nearlz as resistant to elaborated attacks then HPKP.
>> Expeciallz government level adversaries only need very little effort to
>> break the common ssl cert system and the DNS cert system, while they
>> won't be able to break HPKP because it lacks the central autorieties.
> With DNSSEC you don't have to rely upon the ICANN root. You can have
> your DS records signed by alternate, and for the few TLDs that don't yet
> support DNSSEC an alternate root is the only way.
> At some point I will be encouraging the EFF to provide such a service,
> so that people who use DNSSEC can submit their DS records both to their
> TLD and to EFF so that DNSSEC clients can check both.
> That way to compromise a TLSA record, the attacker would have to access
> to both the signing key from the TLD and from the EFF.
> The EFF could use the existing let's encrypt infrastructure to validate
> a domain owner before signing DS records submitted to them.
>> A simular solution will be available for smtp soon as well.
> It already exists with DANE and is in use on several large e-mail
> services (e.g. Comcast here in the United States) - though I think other
> than custom code, Postfix is the only MTA that supports it.

HPKP and its equivalent for smtp is not the same as DANE.

DANE requires a lage set of dependencies, a gigantic infrastructure and
a still largely central administration of root keys.
HPKP on the other hand is simple and small.

The difference in attack surface of these two technoogies is like
comparing the complexity of a nail to that of a plane.

Don't get me wrong, DANE is great for mail server at least, but it does
not solve the trust issue of the existing cert system, it just adds an
additional layer with simular issues.

And while it would have certainly some benefit to have the EFF validate
records, they are also only one security letter away from being compromised.

With HPKP there is no such attack surface.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20161129/c5ae62bc/attachment.sig>

More information about the Ach mailing list