Russian government issued their new root certificate years ago.
Nobody trusted it enough to request a certificate from them or install it on their computers. Including almost all of the russian residents.
If Let's Encrypt enforces the rules, as written in pdf, a lot of people would lose a choice.
Frankly, even publishing a statement like that would make the scales of trust tip for some.
With all the problems with Web PKI, at least the bad actors are getting distrusted, and this provides a very strong enforcement on the rest. And Certificate Transparency makes sure the mis-issuance would be caught. It is not perfect by any means, but things are getting better.
With DANE (or other country-issued certificates), every government will absolutely double-issue certificates to police, secret service and friends of goverment, and no one will have any recourse. (In the past I'd say that only countries like Russia would do it.. but with today's climate, I am sure both US and many European countries will do that too)
Certificate transparency is nice. Browsers could require it for DANE certificates, just like they require it for current Web PKI certificates.
The people controlling the TLD of interesting can exert control over the domain of interest in order to issue a DANE certificate. But they can also exert control over the domain of interest in order to request a domain control certificate, so widespread use of DANE wouldn't add any new adversaries. If DNSSEC wasn't a mess, and DANE replaced WebPKI, we would eliminate the risk from CAs without adding a new risk --- TLDs (and the DNS root) are existing risks.
Countries already have CA that issue certificates with more legal force than a handwritten signature. I can open a bank account, pay my taxes and sign up to all government services. But I can't use them for a webpage.
> With DANE (or other country-issued certificates)
DANE isn't a country-issued certificate. It's a scheme where you store your public keys on DNS records. Of course, now we have the issue that DNSSEC (signed DNS records) isn't widespread and the whole issue with DNS registries.
This would be pretty terrible if anyone actually cared about DNSSEC, but luckily for us, no one cares.. So let's keep things this way.
There’s no essential difference between the two from my perspective. Why are these my only choices?
An international body might work, or just move the issue one step back.
Or so they say. How's that been working out in practice?
I guess one doing well enough can be oblivious to all this...
Let's not create a world wide PKI based on a political ideology.
> country-issued certificates [...] every government will absolutely double-issue certificates
This is such a strange argument. If you register a .ru domain, do you really think you are safe should the Russian intelligence services ask for a valid certificate? Controlling the actual domain, they could issue ask many domain validated certificates as they wish.
The problem with our current SSL PKI, as so very many people have pointed out over the years, is that any CA is allowed to issue valid certificates for any domain name. There have been proposals to use X.509 extensions to remedy this, but they have seen lesser real world usage than the various certificate revocation schemes, which is very close to zero already.
If there was no way for a Russian CA to issue certificates for .us domains, real world security would improve. A lot. And the other way around, of course.
Feel free to s/Russian/Chinese/ in the above argument or whatever tickles your geopolitical fancies. The argument still stands.
Domain registries decide who owns what domain. That is their literal role. You would think that asserting this ownership cryptographically would be a no-brainer in 2026. Yet we have this discussion over and over again. There are many people whose income quite literally depend on the status quo of our global SSL PKI, which coincidentally also offers no end of possibilities for the various intelligence services around the world.
The next time someone tries to scare you with that governments or intelligence services control DNS and therefore it would be crazy to limit issuance of certificates to them, take a look where they have contracts.
And things only gotten better since - we now have CT logs, and browsers require them, so any mis-issuance can be detected automatically, by any interested third party.
If we go to DANE, we lose this all. "Oops, our CT uploader process failed, we will fix Real Soon(tm) we promise" - and what are browsers going to do? Distrust the entire country?
[0] https://blog.mozilla.org/security/2011/09/02/diginotar-remov...
I didn’t realize the slapped their face on the pavement right after being acquired.
In the Dutch hacker scene, Diginotar was a meme. Everyone knew it was a mess there.
Note that phones already try to prevent you from using a certificate that you provide yourself.
Maybe we should have solve the ISP snooping problem by making that illegal instead.
If it were as cheap and efficient as TLS these days, yes, absolutely
> Maybe we should have solve the ISP snooping problem by making that illegal instead.
We could do both! ISP snooping is still a problem for metadata (SNI).