Interests of the existing PKI industry may be the source of some friction, but the bigger issue is that DANE depends on DNSSEC, which is not widely deployed, and sometimes actively avoided due to its complexity and ease of breaking you site.
Don't get me wrong, I'd love it if DANE, or something similar caught on, but I don't think it is practical until something changes to make DNSSEC (or equivalent) common.
Was this AI-generated? It seems to keep circling around the same points and have some major misunderstandings.
> If that is the case, why should the server convey the certificate and the OCSP status to the client and defer to the client on the decision not to proceed with the TLS connection? Why shouldn’t the server simply terminate the TLS connection immediately itself?
Why does it matter? You're talking about a scenario that should essentially never happen, who cares about slightly suboptimal performance at that point?
> CRLs only really work efficiently when nobody revokes certificates.
Revocation is an emergency measure, not a routine one. That's ok.
> At this point, why not just use DANE (RFC 6698), store the public keys in the DNS, rely on DNSSEC to provide the necessary authenticity, and use DNS TTL settings to control the cached lifetime of the public key?
Because DNS' multilayered caching makes it notoriously impossible to operate safely or debug. Most large outages already originate in DNS issues; putting the crypto in that layer would redouble it.
Agreeing with my sibling commenter, this writer is extremely experienced and has been writing this blog for many years. I’d be appalled if this were LLM-written, but thankfully it reads with the same style and tone that he’s always had.
> Revocation is an emergency measure, not a routine one. That's ok.
At the scale modern CAs operate, even emergency measures (i.e. measures that are an emergency for the party receiving the leaf cert) are also routine for the CA/the party granting the leaf cert.
Interests of the existing PKI industry may be the source of some friction, but the bigger issue is that DANE depends on DNSSEC, which is not widely deployed, and sometimes actively avoided due to its complexity and ease of breaking you site.
Don't get me wrong, I'd love it if DANE, or something similar caught on, but I don't think it is practical until something changes to make DNSSEC (or equivalent) common.
> If that is the case, why should the server convey the certificate and the OCSP status to the client and defer to the client on the decision not to proceed with the TLS connection? Why shouldn’t the server simply terminate the TLS connection immediately itself?
Why does it matter? You're talking about a scenario that should essentially never happen, who cares about slightly suboptimal performance at that point?
> CRLs only really work efficiently when nobody revokes certificates.
Revocation is an emergency measure, not a routine one. That's ok.
> At this point, why not just use DANE (RFC 6698), store the public keys in the DNS, rely on DNSSEC to provide the necessary authenticity, and use DNS TTL settings to control the cached lifetime of the public key?
Because DNS' multilayered caching makes it notoriously impossible to operate safely or debug. Most large outages already originate in DNS issues; putting the crypto in that layer would redouble it.
> Revocation is an emergency measure, not a routine one. That's ok.
At the scale modern CAs operate, even emergency measures (i.e. measures that are an emergency for the party receiving the leaf cert) are also routine for the CA/the party granting the leaf cert.