Ask HN: Why SSL certs are not decentralized?

19 points by devneelpatel ↗ HN
Maybe a noob question: Why SSL/TLS certs are not decentralized? Is it not possible to set public key in DNS TXT record and have private key on the server. Would that not solve encryption? Why do we need SSL / TLS certs from a CA like LetsEncrypt?

28 comments

[ 3.9 ms ] story [ 57.3 ms ] thread
that's a fair question for me too. Same for DRM certificates
1. An txt record adds more time to the request, since you can't start the request before opening an tls connection. 2. The browser has to go through all the TXT records. My domains already have 4-5 TXT records. 3. The dns is still pretty much insecure. Dnssec is still not always available
What you're talking about exists: it's called DANE: https://en.m.wikipedia.org/wiki/DNS-based_Authentication_of_...
Why didn't this catch on?
I asked a cloudflare engineer this and the answer was a bit vague but amounted to the failure rate being something like 0.5% which was too high for the amount of TLS sessions being initiated all the time.

Although I always thought it would be a nice feature for security conscious folks to be able to ennable. Or go ahead and use it on more sensitive sites only, e.g. banks.

Which leads us back to needing caching, which needs a signatory, and a list of trusted signatory, which gets us back to certificate authorities. Gotcha :-).
What were the circumstances of the failures?
Browser vendors weren't interested. They believed the additional latency of DNS lookups would impact customer conversion rates. DANE is catching on in the email world.
Because (to a first approximation) nobody uses DNSSEC, which is required for DANE to work. The "why nots" of DNSSEC are many and varied, from reliability to low utility to vendor support.
This is very interesting. Hope this catches on.
I like the thinking and direction here.

At least, we could use this in situations where root cert is not part of CA stores in os/browsers.

How do you secure the DNS entries?
As per DANE: you use DNSSEC.
I thought we were trying to decentralise?
DNS is not decentralised. You pay some rentseeker for your domain. You might be happier with NFT based domain names? Even then it is not decentralised because whoever wins that mind battle is then the defacto king of that DNS. Unless it is done carefully to avoid early squatting and premine.
Which comes back to same CA problem the OP is trying to get rid of, no?
Because you're reliant on the registrar and potentially a third party operator running the authoritative name servers? You're already reliant on those things, regardless of whether you want TLS or not.

I am a very big proponent of building things yourself (rather than using an off-the-shelf/existing solution that's similar) - whether that is tooling, or applications, or hosting your own services, and I'm particularly vocal about not making your business be shackled to specific services run by others (e.g. I'm of the opinion that offering exclusively "social login" is a huge red flag), and even I don't start complaining about "well this stack isn't really self hosted, you're still relying on the registrar for your domain!"

Popular browsers are controlled by so-called "tech" companies that sell advertisiing services and seek to profit from online purchases.

These so-called "tech" companies exert oversized control over the CA scheme.

Pure coincidence.

That's a funny thing to say, because (I think literally) every security advance in the WebPKI has come from browsers over the objection of CA operators. Like, you couldn't possibly get this wronger.
Simple: the financial interests of huge corporations like DigiCert.

They sit in standards bodies that could fill their moat and undermine every open effort.

It’s insidious and there’s not much anyone with less than a billions dollars of interest in the matter can do about it.

Maybe a government or mega corp like Google will fix it, but I’m not holding my breath…

Why not use public key as IP. Like yggdrasil-go, use `public_key.sha256.first_63_bit === ipv6[1..64]` (maybe some data error but here is how it works). Well, yggdrasil is an overlay network, it can do that. But the ISP network cann't. Maybe we all should move to an overlay network.
we can even add ipv8 ipv12 or ipv256 whatever, then `public_key.sha256 === ipv256`. So we can even have 0rtt in tls.