[tptacek]

Incoherent. Browser vendors exert control by dint of controlling the browsers themselves, and are in the picture regardless of the trust system used for TLS. The question is, which is more centralized: the current WebPKI, which you say is also completely dependent on the DNS but involves more companies, or the DNS itself, which is axiomatically fewer companies?

I always love when people bring the ccTLDs into these discussions, as if Google could leave .COM when .COM's utterly unaccountable ownership manipulates the DNS to intercept Google Mail.

[teddyh]

> when .COM's utterly unaccountable ownership manipulates the DNS to intercept Google Mail.

Why is this more likely to happen than a rogue CA issuing a false certificate?

Also, Google has chosen to trust .com instead of using one of their eleven TLDs that they own for their own exclusive use, or any of the additional 22 TLDs that they also operate.

[akerl_]

When a rogue CA issues a bad cert, they get delisted from all major browsers and are effectively destroyed.

That isn’t possible with .com

[teddyh]

The DNS is federated and hierarchical. A domain name (including top-level domains) is controlled by a single entity. If you do not trust that entity, you cannot trust that domain or top-level domain, or anything beneath that in the tree. But given that you trust the root zone, you can still (potentially) trust other subtrees in the DNS, like other top-level domains.

This is not the case with a CA, however; you are forced to trust all of them, and hope that when fradulent certificates are issued (as has happened several times, IIUC), that they will not affect you.

[akerl_]

In fact you don't have to trust any of them, since browser root stores enforce certificate transparency.

But also the issues of segmentation are pretty much a total shift of the goalposts from what we were discussing, which is what actually happens when malicious activity occurs. In DNS, your only option is to stop trusting that slice of the tree and for every site operator to lift and shift to another TLD, inclusive of teaching all their users to use the new site. In WebPKI, the CA gets delisted for new certificate issuance and site operators get new certificates before the current ones expire. One of those is insane, and the other has successfully happened several times in response to bad/rogue CAs.