Reducing the X . 509 Attack Surface with DNSSEC ’ s DANE

For the last decade, perhaps the most commonly used type of end-user security has been the HTTP Secure (HTTPS) protocol employed by web browsers (which runs over the Secure Sockets Layer, SSL or its successor, TLS). In HTTPS, any service (such as a website) may create its own cryptographic certificate to secure its communication channel, and clients use this certificate to verify data from, and transmit data to the server. This model has helped to secure online banking transactions, eCommerce websites, social networking websites, and more. However, two inherent complications to this approach are that clients must have a secure way to learn the authentic certificate for each website before they begin using this protocol, and they must be able to determine if they can trust the named entity that the certificate belongs to. These complications are conflated in today’s security model, which is based on a list of prespecified trusted X.509 Certificate Authorities (CAs) that every client must know a priori, and a very ad-hoc approach to determining which of this list of CAs will vouch for any keys discovered. In this paper we first outline some of the fundamental problems that exist with today’s CA model, problems that arise from its conflation of the two inherent complications, and some of the implications and attack vectors that these problems present to the security of this model’s users. Then we introduce some of the relative benefits that can be gained from a new approach being standardized in the IETF called DNSbased Authentication of Named Entities (DANE), in which certificate credentials are verified by DNSSEC-enabled zones, rather than the CA model used today. We illustrate that the DNSSEC-verification model reduces the attack surface that users currently inherit, and show that this model opens avenues that have previously remained elusive (such as a usable S/MIME verification infrastructure).