Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What's more, it's a software-only infrastructure upgrade: it wouldn't, in the simplest base case, require zone owners to reconfigure their zones, the way DNSSEC does. It doesn't require policy decisionmaking. DNS infrastructure operators could just enable it, and it would work --- unlike DNSSEC.

(Actually getting it to work reliably without downgrade attacks would be more work, but notably, that's work DNSSEC would have had to do too --- precisely the work that caused DANE-stapling to founder in tls-wg.)



I'd love to see DoH/DoT that uses a stapled DNSSEC-authenticated reply containing the DANE entry.

There's still a chicken-and-egg problem with getting a valid TLS certificate for the DNS server, and limiting DNSSEC just for that role might be a valid approach. Just forget that it exists for all other entry types.


Stapling is dead: nobody could agree on a threat model, and they ultimately ended up at an HPKP-style cached "this endpoint must staple DANE" model that TLS people rejected (reasonably).

But if you have DoH chaining all the way from the recurser to the authority, it's tricky to say what stapled DANE signatures are even buying you. The first consumers of that system would be the CAs themselves.


That's why I want to use it only for DoH/DoT queries. Which will be used by the CAs to issue the WebPKI certs.

This way, it can be used to guarantee the integrity of the resolution path without first getting a certificate from a CA.


I'm just saying, at that point, you're using a custom TLS protocol, because the real TLS protocol doesn't have a DANE-stapling extension.


Sure. But if it's used only for DoH/DoT queries inside a DNS resolver, its deployment path is more realistic than adding DANE to all the TLS clients.


Right, I agree with that narrow point, but it seems clear to me that neither is going to happen; I think DANE is a dead letter.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: