cortesoft a day ago

How would you revoke a certificate? If you are running a malicious DNS server, couldn't you just refuse the update and keep servicing the prior results?

parliament32 a day ago

If the DNS service is "perfectly secure", we're assuming MITM attacks are impossible. You wouldn't need to revoke anything, you just update the fingerprint in the record.

cortesoft a day ago

Why would DNS being perfectly secure make MITM attacks impossible? It might be impossible to hijack DNS, but after DNS resolution happens, then the actual connection via IP address has to happen.

If you are saying every packet sent is secure, then it would have nothing to do with DNS?

cyphar a day ago

You could store the certificate hashes in DNS (i.e., use DANE instead of the CA PKI) and so a MITM on the actual connection wouldn't succeed.

cortesoft a day ago

Right, but what if the certificate is compromised? How would you revoke it?

cyphar 20 hours ago

If the DNS entries for the certificates have very short TTLs (i.e., 2 minutes) then you wouldn't need explicit revocation infrastructure. It would probably take more than 2 minutes for CRLs or OCSP changes to propagate anyway.

(I'm not necessarily in favour of this, I just don't see the revocation part as being the main issue.)
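The two points in this exchange (pinning the key hash in DNS via a DANE-EE TLSA record, and relying on a short TTL instead of a revocation protocol) can be shown together in a small model. The following Python is an added example and not code from any commenter; it assumes DNSSEC validation has already happened in the resolver, stands in for DER-encoded SubjectPublicKeyInfo blobs with constructed byte strings, and uses a constructed zone name `_443._tcp.example.test` and a fake clock so that it runs offline. It walks through publish, compromise, re-publish and cache expiry, and makes visible the window that cyphar's argument accepts: until the cached record expires, a client still matches the old key.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


# Assumption: the record carries the RFC 6698 TLSA fields; DNSSEC
# validation of the answer is assumed to have happened in the resolver.
@dataclass(frozen=True)
class TLSARecord:
    usage: int            # 3 = DANE-EE: pin the server's own end-entity key
    selector: int         # 1 = SubjectPublicKeyInfo
    matching_type: int    # 1 = SHA-256 of the selected data
    cert_assoc_data: bytes
    ttl: int              # seconds a resolver may cache this answer


def tlsa_for_spki(spki_der: bytes, ttl: int) -> TLSARecord:
    """Build the record an operator would publish for a given public key."""
    return TLSARecord(3, 1, 1, hashlib.sha256(spki_der).digest(), ttl)


class TLSACache:
    """Resolver-side cache that never serves a record past its TTL."""

    def __init__(self, clock: Callable[[], float]):
        self._clock = clock
        self._entries: Dict[str, Tuple[List[TLSARecord], float]] = {}

    def lookup(self, name: str,
               resolve: Callable[[str], List[TLSARecord]]) -> List[TLSARecord]:
        now = self._clock()
        hit = self._entries.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]                      # still fresh: reuse the answer
        records = resolve(name)                # expired or absent: re-query
        expiry = now + min(r.ttl for r in records)
        self._entries[name] = (records, expiry)
        return records


def spki_matches(records: List[TLSARecord], presented_spki_der: bytes) -> bool:
    """DANE-EE check: accept only if the presented SPKI hash is published."""
    digest = hashlib.sha256(presented_spki_der).digest()
    return any(
        r.usage == 3 and r.selector == 1 and r.matching_type == 1
        and hmac.compare_digest(r.cert_assoc_data, digest)
        for r in records
    )


# Constructed stand-ins for two DER-encoded SubjectPublicKeyInfo blobs.
KEY_A = b"constructed-spki-of-key-A"   # the key later treated as compromised
KEY_B = b"constructed-spki-of-key-B"   # its replacement
TTL = 120                              # the "2 minutes" from the thread
NAME = "_443._tcp.example.test"        # constructed TLSA owner name


def simulate_rotation() -> Dict[str, bool]:
    """Walk a fake clock through publish -> compromise -> rotate -> expiry."""
    clock = {"now": 0.0}
    zone = {NAME: [tlsa_for_spki(KEY_A, TTL)]}

    def resolve(name: str) -> List[TLSARecord]:
        return list(zone[name])

    cache = TLSACache(lambda: clock["now"])
    out: Dict[str, bool] = {}

    recs = cache.lookup(NAME, resolve)
    out["t0_key_a_accepted"] = spki_matches(recs, KEY_A)
    out["t0_key_b_rejected"] = not spki_matches(recs, KEY_B)

    # Operator learns KEY_A is compromised and republishes with KEY_B only.
    zone[NAME] = [tlsa_for_spki(KEY_B, TTL)]

    clock["now"] = 60.0                    # inside the cached TTL
    recs = cache.lookup(NAME, resolve)
    out["t60_key_a_still_accepted"] = spki_matches(recs, KEY_A)

    clock["now"] = TTL + 1.0               # cached entry has expired
    recs = cache.lookup(NAME, resolve)
    out["t121_key_a_rejected"] = not spki_matches(recs, KEY_A)
    out["t121_key_b_accepted"] = spki_matches(recs, KEY_B)
    return out


if __name__ == "__main__":
    for step, ok in simulate_rotation().items():
        print(f"{step}: {ok}")
```

The cache honours the TTL strictly, so the exposure after a compromise is bounded by the TTL of the record the client last fetched, not by anything the server can do afterwards; that bound is what the thread is trading against CRL or OCSP propagation delay, and it still depends on the resolver actually re-querying rather than serving a stale answer.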