Comment Re:Something To Think About (Score 1) 91
Of course this is a chicken-egg problem in that it then ties back into DNSSEC and root level trust in DNSSEC needs to be solved (through CAs for now) but it decouples the problem and leverages the architecture of DNSSEC (we really do need it anyways) to provide arbitrary certificate trust without putting undo burden on DNS. If we are going to have to have DNSSEC to fix DNS we may as well use it for more than just name to IP resoultion. There is no reason to solve the trust problem more than once since and as long as we use DNS based hierarchies to specify machines or end users (e-mail accounts) we have to trust DNS. The fact that today pre-DNSSEC we blindly trust unsigned DNS replies is the only reason the parallel certificate hierarchy exists at all.
In the current arrangement, the parallel CA hierarchy allows you to provide a (theoretically) verifiable connection despite your registrar or DNS provider being perhaps less reputable than you'd like. For an attacker to silently redirect your SSL traffic, he has to compromise at least two external entities--your CA & DNS host/registrar or your CA and somebody in a position to MITM your traffic (obviously a local compromise gets him everything, but this is within your direct control). While I'm no fan of the CA model, the stuff pulled by companies in the DNS market (registrars and hosts both) make the CA's look positively responsible, and handing them all the keys necessary to silently redirect traffic makes me uneasy.
It seems that by suggesting these functions be consolidated into DNS, you're effectively saying that by consolidating two untrustworthy parties into one untrustworthy party, you'll be more secure. I'm pretty sure I don't agree with that, but I'm willing to listen. How do you address such criticism?