I find this kind of article annoying (“I don’t know anything about this topic so here’s my criticism of my own guesses”) but I would love to read a follow-up describing what they think “straight binary x.509” looks like. :)
Honestly I just want to see a DHT-based domain system to come in use. GNS of the GNUNet project exists but it really doesn’t seem to be in regular usage.
Note to self, read the whole article before commenting!
Tying DNS and TLS together is a bit like tying L4 and L7 protocols together: it’s a minor optimization that makes systems much harder to reason about by eliminating a layer of abstraction. Of course, Google is tying L4 and L7 protocols together with QUIC, but I don’t think we should encourage the same behavior again.
If sending a certificate chain during the TLS handshake is really adding
that much overhead, then maybe there’s another argument for widespread
adoption of DANE and simplification of TLS?
Then a server could just send an unadorned public key without all that
cert chain rigamarole, and the client verifies the fingerprint against DNS.
For that matter, ED25519 public keys are pretty tiny; they could fit
comfortably in a TXT record. Let’s do that. The server wouldn’t even need
to send along its public key at connect time, because the client got
it from DNS, most likely from a cache that is much closer to the
client than the server is.
All of this assumes DNSSec.
Let’s help the CA dinosaurs find their asteroid.