by throwaway2048 3875 days ago
reposting a comment:

What do you think would happen under a DNSSEC-DANE TLS world if that started being detected via key pinning/CT?

There is just no way the NSA is going to risk it except in very, very specific circumstances they can easily control (exactly the same situation as HPKP), because they too will be forever burned, just like an SSL CA would, except now they can't just switch to one of hundreds of other CAs: they have burned the root keys to a TLD. This will be obvious, this will be screamed about from the rooftops, the key will be rotated, and a ton more scrutiny applied to the process.

It's not like browsers and other people pinning certs are just going to shrug their shoulders and say "aw shucks, I guess we won't worry about it".


And how exactly do you think rotating a TLD key will help if it's obvious that TLD will just give the new key to the NSA anyway?
The same way it can help in the case of a CA: parties like Google will set strict standards and see them complied with, or DANE etc. will be ignored for the suspect TLDs.
What does it mean to "set strict standards" on .COM? Google can eliminate whole CAs, or scope them down to only a subset of names. It can't do that with .COM.
It can, however, refuse to allow DANE to be used on .COM/other TLDs and apply immense political pressure.
If you're not going to allow DANE on .COM, what's the point?
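As an added illustration of the detection the first comment leans on (a DANE/TLSA match cross-checked against a pin set, so that a TLSA record vouching for a key nobody has pinned stands out), here is Python written for this page; it is not code from the thread or from any browser or DNS project. It assumes a simplified TLSA matcher limited to usage 3 (DANE-EE) and uses constructed placeholder byte strings in place of real DER certificates and keys; the record helper, the pin set and the two scenario functions are invented for the example.

```python
"""DANE (RFC 6698) TLSA matching cross-checked against an SPKI pin set.

Added illustration, not code from the thread. The certificate and SPKI
blobs below are constructed placeholder byte strings, not real DER.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSARecord:
    usage: int          # RFC 6698 certificate usage; 3 = DANE-EE (end entity)
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    data: bytes         # certificate association data


def spki_pin(spki_der: bytes) -> bytes:
    """HPKP-style pin: SHA-256 over the DER SubjectPublicKeyInfo."""
    return hashlib.sha256(spki_der).digest()


def tlsa_for_spki(spki_der: bytes) -> TLSARecord:
    """The record an operator would publish for a key: usage 3, selector 1, type 1."""
    return TLSARecord(3, 1, 1, hashlib.sha256(spki_der).digest())


def tlsa_matches(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """Does the presented certificate satisfy one TLSA record?

    Assumption for this illustration: only usage 3 (DANE-EE) is evaluated.
    Usages 0-2 additionally need PKIX chain building, which is out of scope.
    """
    if record.usage != 3:
        return False
    if record.selector == 0:
        subject = cert_der
    elif record.selector == 1:
        subject = spki_der
    else:
        return False
    if record.matching_type == 0:
        return record.data == subject
    if record.matching_type == 1:
        return record.data == hashlib.sha256(subject).digest()
    if record.matching_type == 2:
        return record.data == hashlib.sha512(subject).digest()
    return False


def classify(tlsa_records, pins, cert_der: bytes, spki_der: bytes) -> str:
    """Run the two independent checks and name the outcome."""
    dane_ok = any(tlsa_matches(r, cert_der, spki_der) for r in tlsa_records)
    pin_ok = spki_pin(spki_der) in pins
    if dane_ok and pin_ok:
        return "ok"
    if dane_ok:
        # DNSSEC-signed TLSA data vouches for a key the pin set has never seen:
        # this is the signal the thread is about, and it points at whoever
        # holds the zone (or TLD) signing keys.
        return "dane_ok_pin_mismatch"
    if pin_ok:
        return "pin_ok_dane_mismatch"  # e.g. a stale or mis-published TLSA record
    return "reject"


# Constructed placeholders (not real DER).
LEGIT_SPKI = b"constructed:spki:legitimate-operator-key"
LEGIT_CERT = b"constructed:cert:" + LEGIT_SPKI
ROGUE_SPKI = b"constructed:spki:key-injected-via-tld-signing"
ROGUE_CERT = b"constructed:cert:" + ROGUE_SPKI

PINS = {spki_pin(LEGIT_SPKI)}  # what clients have pinned for this host


def honest_zone() -> str:
    """Operator publishes TLSA for its own key and serves it: both checks pass."""
    return classify([tlsa_for_spki(LEGIT_SPKI)], PINS, LEGIT_CERT, LEGIT_SPKI)


def swapped_zone() -> str:
    """Whoever controls the zone signing keys swaps the TLSA record for another
    key and serves a matching cert: DANE passes, the pin set does not."""
    return classify([tlsa_for_spki(ROGUE_SPKI)], PINS, ROGUE_CERT, ROGUE_SPKI)


if __name__ == "__main__":
    print("honest zone :", honest_zone())
    print("swapped zone:", swapped_zone())
```

The point of keeping the two checks separate is that a DANE-only client would accept the swapped zone outright, while a pin-only client learns nothing about who signed the record; only the combination yields the "DANE says yes, pins say no" outcome that attributes the substitution to the key holder above the domain.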