Do CAA, CT, and DANE Interlink in Certificate Deployments? A Web PKI Measurement Study
Pouyan Fotouhi Tehrani, Raphael Hiesgen, Teresa Lübeck, Thomas C. Schmidt, Matthias Wählisch

TL;DR
This study analyzes the deployment and consistency of CAA, DNSSEC, TLSA, and CT logs across 4 million domains, revealing deployment patterns, misconfigurations, and gaps in web PKI security practices.
Contribution
It provides the first large-scale measurement of the interlinking and deployment patterns of CAA, DNSSEC, TLSA, and CT logs in real-world domain certificates.
Findings
CAA is mainly used without DNSSEC.
DNSSEC-protected domains often do not use DNS for certificate guarding.
TLSA records are poorly maintained and sometimes lack DNSSEC.
Abstract
Integrity and trust on the web build on X.509 certificates. Misuse or misissuance of these certificates threatens the Web PKI security model, which led to the development of several guarding techniques. In this paper, we study the DNS/DNSSEC records CAA and TLSA as well as CT logs from the perspective of the certificates in use. Our measurements comprise 4 million popular domains, for which we explore the existence and consistency of the different extensions. Our findings indicate that CAA is almost exclusively deployed in the absence of DNSSEC, while DNSSEC-protected service names tend not to use the DNS for guarding certificates. Even though mainly deployed in a formally correct way, CAA CA-strings tend not to selectively separate CAs, and numerous domains hold certificates beyond the CAA semantic. TLSA records are repeatedly poorly maintained and occasionally occur without DNSSEC.
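As an added illustration (not the paper's measurement code), the following evaluates the RFC 8659 CAA semantic against a constructed zone: it climbs the name tree to the relevant CAA RRset, applies issue/issuewild selection and the critical flag, and reports whether a given CA may issue. A certificate whose issuer fails this check is the "beyond the CAA semantic" case the abstract refers to. The zone contents and CA identifiers are constructed.

```python
"""Evaluate RFC 8659 CAA issuance semantics against a constructed zone (added example)."""
from dataclasses import dataclass

ISSUER_CRITICAL = 128          # flag bit 7: CA must understand the tag or refuse to issue
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAA:
    flags: int   # CAA flags byte
    tag: str     # property tag, e.g. "issue"
    value: str   # property value, e.g. "letsencrypt.org" or ";" (no CA allowed)


# Constructed zone: name -> CAA RRset. Names absent from the dict have no CAA records.
ZONE = {
    "example.com": [CAA(0, "issue", "letsencrypt.org"), CAA(0, "issuewild", ";")],
    "strict.example.com": [CAA(ISSUER_CRITICAL, "unknown-tag", "x")],
    "example.net": [CAA(0, "iodef", "mailto:security@example.net")],
}


def relevant_caa_set(name, zone):
    """Climb from `name` toward the root and return the first non-empty CAA RRset."""
    labels = name.split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def issuance_permitted(name, issuer, zone=ZONE):
    """True if the CA identified by `issuer` may issue a certificate for `name`."""
    wildcard = name.startswith("*.")
    rrset = relevant_caa_set(name[2:] if wildcard else name, zone)
    if not rrset:
        return True   # no CAA published anywhere up the tree: unrestricted
    if any(r.flags & ISSUER_CRITICAL and r.tag not in KNOWN_TAGS for r in rrset):
        return False  # critical property the CA does not understand: must not issue
    tag = "issue"
    if wildcard and any(r.tag == "issuewild" for r in rrset):
        tag = "issuewild"  # issuewild overrides issue for wildcard names only
    values = [r.value for r in rrset if r.tag == tag]
    if not values:
        return True   # RRset exists but carries no restriction for this request
    # Each value is "<domain>[; parameters]"; an empty domain (";") permits no CA.
    return any(v.split(";")[0].strip().lower() == issuer.lower() for v in values)
```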
