by sarciszewski 3875 days ago
How does DNSSEC give immense control over TLS keys to sites in those TLDs exactly? I think I'm missing something.

The motivating use case for DNSSEC is DANE. DANE stores TLS certificates in DNSSEC-signed DNS records. But the top of the DNSSEC tree is --- de jure! --- controlled by governments.
Wouldn't that require a nation state to:

1. Get a signed CA certificate for your domain at gun-point.

2. Send a forged DNSSEC record?

In which case, it's not significantly worse than the current state? And even though we can't burn a TLD, we can burn the CA that signed the certificate in the first place?

Or is there some magic in DANE that subverts CA verification?

I don't understand your question. If the government can't subvert CAs, DNSSEC is pointless; let's all just rely on the CAs. It can subvert them. Now, what problem is DNSSEC solving?
I'm just trying to understand this attack that you implied.
Yes: assume one of the thousands of CAs you trust has been compromised by NSA.
Okay, so this is what happens:

1. Evil NSA compromises CA in BFE

2. Evil NSA subverts DNSSEC for COM to publish a bad CA certificate

3. Some combination of Google Certificate Transparency + HPKP discovers this, the CA in BFE gets removed from browsers

If your point is "DNSSEC is pointless", OK. But it sounds like you're saying it makes us less secure. I'm just trying to figure out how that could even be.