That article is incredibly misleading in what it leaves out: by using the same logic, our existing CA system is equally a “backdoor”.
We have certificate transparency to help address that, and were DANE to be in actual use similar systems would quickly appear, for example using the RIPE Atlas.
DANE is not a backdoor. To exercise it as one would require replacing operator-controlled keys with government (or other) keys. This would be no less visible than doing the same with an existing certificate authority.