Garrett: Producing a trustworthy x86-based Linux appliance
Posted Jun 2, 2021 15:19 UTC (Wed)
by pizza (subscriber, #46)
In reply to: Garrett: Producing a trustworthy x86-based Linux appliance by nim-nim
Parent article: Garrett: Producing a trustworthy x86-based Linux appliance
That's not quite true; Let's Encrypt ties attestation/trust to the entity that controls the domain in question. Which is all most registrars ever did.
It will be impossible to further improve trust/attestation until the globally-trusted CA model is discarded in favor of something like DANE (+DNSSEC).
Posted Jun 2, 2021 16:22 UTC (Wed)
by nim-nim (subscriber, #34454)
Which means that anything that wrests control of a domain can “prove” to others it is legit :(. Putting the trust bar quite low.
Posted Jun 2, 2021 17:01 UTC (Wed)
by pizza (subscriber, #46)
But that's not something pioneered by letsencrypt -- Every SSL certificate I've ever purchased from a "traditional" CA was validated the same way; via proving you have operational control of the domain.
If anything, letsencrypt's approach represents an improvement, as any fraudulently-obtained certificate will become invalid sooner rather than later due to their short, 3-month lifecycle.
Sure, you could always pay a registrar extra for an "extended validation" certificate, but they were never common, and browser makers have found they're not the panacea they were hoped to be.
