The finance systems I’m familiar with generally don’t rely on DNS for security and, more commonly, don’t rely on it at all. For systems operating over the open Internet, the most common security mechanisms involve pre-shared key pairs. For systems not on Internet, IP (v4) addresses are generally used directly.
I’m actually generally disappointed that TLS in the context of web browsers essentially only uses the CA system for identification and security. It’s wrong at both ends of the spectrum. There are systems where manual key distribution would be fine, and avoiding the CAs as a weak point would be beneficial. And there are systems where the CA system flat out does not work (e.g. anything where the servers are not connected to the Internet and do not even have every-few-days Internet access). Neither of these use cases are handled well by web browsers. (DNSSEC doesn’t help either, of course.)
This is why I said “do not even have every-few-days Internet access”. Without some kind of recurring connectivity, certificate renewals are impossible. (The client could, in theory, help, but that’s not a thing right now.)
Systems like this are all over. Almost every IoT device is an example. More seriously, networking hardware is in this category. You can’t make connectivity to networking hardware depend on a working network with Internet access to obtain certificates without introducing a circular dependency and the possibility of making it very hard to recover from downtime.
As a result, security of network control planes is often abysmal.
I'm not clear here if "Internet access" means incoming access, outgoing access, or neither.
To be clear, the solution above requires no incoming access. Its 100% client, there's no server access. (Client to the DNS Api, client to ACME.
If the device does not have client access to anything then the certificate can be obtained from another device. You would then need some mechanism to put the certificate on the device.
I agree that IoT devices are problematic, they either need client access to the Internet (which most don't get) or they need to run a "server" of some kind to receive the certificate updates. If you're lucky this could be automated.
I have found it relatively easy to just run a local CA for my isolated network. I didn't find it too difficult to setup. I run around 600 servers and about 20x that in IOT devices.
And how did you provision any of this? Did you take each device, connect to it while on that same network in a completely unauthenticated manner, and provision certificates? Can you send links to webpages on these devices to ordinary browsers that aren’t provisioned with the certificates? Would someone who doesn’t fully trust you and your infrastructure be willing to install your certificate?
> You can’t make connectivity to networking hardware depend on a working network with Internet access to obtain certificates without introducing a circular dependency and the possibility of making it very hard to recover from downtime.
> C) provision certificates for this address using the DNS-Challenge approach rather than the HTTP-challenge approach.
The other "bonus" is that due to CT it leaks the internal name to basically everyone on the internet. It may or may not be a problem but definitely something to be aware of.
>> (e.g. anything where the servers are not connected to the Internet and do not even have every-few-days Internet access
It is possible to add your own root certificate to clients on the LAN. so the equivalent of hand-distributed keys. Granted, this leads to unwelcome other problems (you can't limit your root to your local domain) so it's not often done, but it is possible.
Personally I prefer the DNS-challenge approach I described in a sibling comment.
NameConstraints used to break in Safari: if you didn't set them mandatory, the constraints would be ignored and you could sign anything; if you set them mandatory, the certificate wouldn't validate. But it looks like support was added in 10.13.3, circa 2018, so probably good to go.
Might break some things, and I'm not aware of any mainstream uses, but obviously it'd be really handy if it's usable.
I’m actually generally disappointed that TLS in the context of web browsers essentially only uses the CA system for identification and security. It’s wrong at both ends of the spectrum. There are systems where manual key distribution would be fine, and avoiding the CAs as a weak point would be beneficial. And there are systems where the CA system flat out does not work (e.g. anything where the servers are not connected to the Internet and do not even have every-few-days Internet access). Neither of these use cases are handled well by web browsers. (DNSSEC doesn’t help either, of course.)