The problem is what they do when they can't reach that data. All the browsers out there now simply fail silently and go to the site anyway.

For some reason this is seen as a problem with CAs and not the broken browsers. But from the browser providers perspective 99% of their customers are really interested in getting to sites reliably and without fuss and less than 1% are dissidents whose lives might be threatened.

This is not the fault of the guy who writes the code. They only own one small piece of the browser and do not get to make the 'commercial' decisions.

Expecting this to be any different with a DNSSEC scheme is to engage in mystical thinking of a naive variety.

The back end security model of the DNS system is not at all good. While in theory a domain can be 'locked' there is no document that explains how locking is achieved at the various registry back ends. A domain that is not locked or one that is fraudulently unlocked is easily compromised.

The part of the CA system that has been the target of recent attacks is the reseller networks and smaller CAs. These are exactly the same sort of company that runs a registrar. In fact many registrars are turning to CAs to run their DNSSEC infrastructure since the smaller ones do not have the technical ability to do it in house. In fact a typical registrar is a pure marketing organization with all technical functions outsourced.

There are today about 20 active CAs and another 100 or so affiliates with separate brands. In contrast there are over a thousand ICANN registrars.

Sure there are some advantages to incorporating DNSSEC into the security model. But to improve security it should be an additional check, not a replacement. Today DNSSEC is an untried infrastructure, it is grafted on to a legacy infrastructure that is very old and complex and security is an afterthought.

The current breach is not even an SSL validation failure. The attacker obtained the certificate by bypassing the SSL validation system entirely and applying for an S/MIME certificate that did not have an EKU (which it should). That makes it a technical exploit rather than a validation issue. DNSSEC is a new code base and a very complicated one. Anyone who tells you that it is not going to have similar technical issues is a snake oilsman.

The big win for DNSSEC is to distribute security policy in a scalable fashion. See my CAA and ESRV Internet drafts.

Imagine that you are visiting slashdot, wouldn't it be better to use SSL than en-clair if the site supports it? Wouldn't it be better to have encryption with a duff cert than no encryption at all? [*]

DNSSEC allows a site to put a flag in its DNS to say 'always use SSL when visiting slashdot on http'. Now the server knows that if it is going to slashdot and it is not encrypted there is a man in the middle. Same for Twitter, Google etd.

DNSSEC can also be used to ensure that the only certs trusted for a domain are ones authorized by the domain holder. This provides an independent trust path to CA issued X.509. If used in combination, security can be improved.

[*] The catch is that showing the user the padlock icon for a duff cert is going to make them less secure. That is why I would like to see the browsers remove the padlock icon completely for DV certs. the only reason the padlock is required is to allow the user to check that SSL is in use. Since the user can't and won't do that reliably it is a poor control anyway. But it is in any case a control that should be enforced by the browser not the user and DNSSEC security policy allows that to happen.

On key distribution, well sure, for typical Web services and for promiscuous security, DNSSEC validated keys are just fine. It is not going to be a money saver. It does not justify a padlock icon (neither does a DV cert). But it is perfectly adequate for most applications.

Unfortunately it is likely that making use of DNSSEC for key distribution is going to be delayed for at least a year due to IETF politics. I blame the people behind the DANE proposal. They have been less than forthcoming about their real agenda from the start and have shown absolutely no willingness to accept any input from other parts of the IETF. The IETF is a consensus based organization but the test is IETF consensus, not working group consensus. If a clique wants to change the rules for handling PKIX certs they have to get an IETF consensus that this should be done.

DANE could have easily been designed in a way that allowed security policy and key distribution to be completely separate. Unfortunately the ruling clique insists these be joined. The result is a spec that is in my opinion undeployable because the transition strategy for a scheme providing positive trust (key distribution) is by necessity very different to that required for a scheme that provides negative trust (key revocation, security policy, etc.).

The threat model in this case is a well funded state actor that might well be facing a full on revolution within the next 12 months. It does not matter how convergence might perform, there is not going to be time to deploy it before we need to reinforce the CA system. [Yes I work for a CA]

I think it most likely we will be seeing the Arab Spring spreading to Syria with the fall of Gaddafi. We are certainly going to be seeing a major ratcheting up of repressive measures in Syria and Iran. Iran knows that if Syria falls their regime will be the next to come under pressure. In many ways the Iranian regime is less stable than some that have already fallen. There are multiple power centers in the system. One of the ways the system can collapse is the Polish model, the people of Poland didn't have a revolution, they just voted the Communist party out of existence. If the Iranian regime ever allows a fair vote the same wil happen there.

Anyone think that we will have DNSSEC deployed on a widespread scale in the next 12 months? I don't and I am one of the biggest supporters of DNSSEC in the industry. DNSSEC is going to be the biggest new commercial opportunity for CAs since EV. Running DNSSEC is not trivial, running it badly has bad consequences, the cost of outsourced management of DNSSEC is going to be much less than a DNS training course ($1000/day plus travel) but rather more than a DV SSL certificate ($6 for the cheapest).

The other issue I see with Convergence is that it falls into the category of 'security schemes that works if we can trust everyone in a peer to peer network'.

Wikipedia manages a fair degree of accuracy, but does anyone think that they really get up to 99% accurate? Until this year the CA system had had three major breaches, all of which were trapped and closed really quickly plus about the same number of probes by security researchers kicking the tires. Until the Diginotar incident anyone who had revocation checking in place was 100% safe as far as we are aware, not a bad record really.

There is a population of about 1 million certs out there, even 200 would mean 99.95% accuracy.

Running a CA is really boring work. Not something I would actually do personally. To check someone's business credentials etc takes some time and effort. It is definitely the sort of thing that you want a completer-finisher type to be doing. Definitely not someone like me and for 95% of slashdot readers, probably not someone like you either.

The weak point in the SSL system is not the validation of certs by CAs, they are (in order) (1) the fact that SSL is optional (2) the fact that the user is left to check for use of SSL (3) the fact that low assurance certificates that have a minimal degree of validation result in the padlock display.

The weak point being exploited by Iran is the braindead fact that the Web requires users to provide their passwords to the Web site every time they log in. I proposed a mechanism in 1993 that does not require a CA at all and avoids that. Had RSA been unencumbered I would have adopted an approach similar to EKE that was stronger than DIGEST but again did not require a cert.

Certs are designed to allow users to decide who they can share their credit card numbers with. That is a LOW degree of risk because the transaction is insured. Certs are not intended to tell people it is safe to share their password with a site because it is NEVER safe to do that.

Spot on analogy, Tackhead. +1, you.

Hahaha. I had forgotten about the LBs. Hope you are doing well soon.

Thanks man. Advogato 4 lyfe.

Hahahaha -- ah, the ball gag. That brings back memories.

Almost like we planned it that way. Too bad we didn't!

I SEE YOU PUDGE

Nope, CBN left a few years ago. Samzenpus and Timothy are still around tho'!

You can refer to me as "Norman" if that makes it more palatable.

The worst part is that I did miss first post. But it was chrisd who beat me so that makes it slightly more bearable.

Thanks -- it was always the personal part that made me happiest.

Thanks. And you all should know that it has been the readers that kept Rob and I going for as long as we did.