[pinhead26]

Ah hello 2015, my old friend.

DNSSEC is a Government-Controlled PKI -> Not if the root of trust is secured by a proof-of-work blockchain

DNSSEC is Cryptographically Weak -> Not if zone operators upgrade to ECDSA as defined for DNSSEC in https://tools.ietf.org/html/rfc6605

DNSSEC is Unsafe -> NSEC3 is mentioned by the article itself

DNSSEC is Expensive To Deploy -> We can make tools for this, so much has gotten easier already

DNSSEC is Incomplete -> Agreed, we need browser adoption

[CiPHPerCoder]

> Not if the root of trust is secured by a proof-of-work blockchain

https://tonyarcieri.com/on-the-dangers-of-a-blockchain-monoc...

https://paragonie.com/blog/2017/07/chronicle-will-make-you-q...

> Not if zone operators upgrade to ECDSA as defined for DNSSEC in https://tools.ietf.org/html/rfc6605

First: That's a big "if". Lots of RSA legacy support.

Furthermore, ECDSA is so bad that Ed25519 and Ed448 are even coming to FIPS 186-5 later this year.

Citing ECDSA adoption in DNSSEC doesn't make as strong of a case as you might think.

[dane-pgp]

For context, some statistics:

"Currently [2018], in more than 90% of cases if a user passes DNS queries to a resolver that performs DNSSEC validation of an RSA digital signature the same resolver will also perform DNSSEC validation of ECDSA P-256 digital signatures."

https://blog.apnic.net/2018/08/23/measuring-ecdsa-in-dnssec-...

"Since the second quarter of 2019 [to the first quarter of 2020], the population of [strict DNSSEC] validating users has risen from 12% to 22%, close to doubling. At the same time, the proportion of [non-strict DNSSEC validating] users has risen from 5% to 10%."

https://blog.apnic.net/2020/03/02/dnssec-validation-revisite...

[dane-pgp]

A better argument against the preposterous claim that DNSSEC is "government-controlled" (and one that doesn't rely on blockchains, which are controversial in their own right), is that with DNSSEC you can choose which government (i.e. ccTLD) your domain is under, or choose one of the many generic TLDs.

The web PKI, by contrast, requires users to trust a bunch of CAs, any one of which could have been compromised by a government and can issue a certificate for your domain. Also, if a government can compromise your DNS records, they can also be granted domain-validated certificates for those domains, so the web PKI is not an improvement.

Anyway, if your threat model is that every single country in the world is willing to subvert the security of their own DNS hierarchy specifically to attack you, then the limitations of DNSSEC are the least of your worries.

[tptacek]

With DNSSEC, when it becomes instantly clear that the United States Government controls .COM, Google can simply leave .COM, and tell every Google user in the United States never to use the tainted GOOGLE.COM domain, and all the users will stop using .COM and start using the new Google domain name, because that is how things work in the real world.

[dane-pgp]

Yeah, imagine the hours of productivity that will be lost as people in the US update their link to Google in their IE6 "Favorites" list, because that's how things work in the real world.

In contrast, when it becomes clear that the United States Government controls multiple certificate authorities, that won't be a problem for any websites.

[Avamander]

With the CT system I can monitor the CA's issuance, with DNSSEC I can't retroactively monitor if someone has changed the DANE keys and intercepted traffic.

[dane-pgp]

True, DNSSEC Transparency is not as developed a technology as Certificate Transparency. There has been experimental deployment of such a system[0] but to give higher assurance there is a small addition to the DNS data that needs to be adopted first[1], which is still going through the IETF process.

[0] https://twitter.com/ln4711/status/754516056878772224

[1] https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-deleg...

[tptacek]

Certificate Transparency, by contrast, exists.

[dane-pgp]

There was a time when Certificate Transparency didn't exist, and people didn't propose throwing away the web PKI because of that.

[Avamander]

Yeah, because Web PKI existed, DNSSEC has yet to gather any meaningful good deployment. It's not hard to throw away something that doesn't exist :P