Revocation of X.509 Certificates

DNS and PKI. Two of the most centralized services in the Internet. Take over both of them, and you have the whole net under your command.

> At this point, why not just use DANE

Interests of the existing PKI industry may be the source of some friction, but the bigger issue is that DANE depends on DNSSEC, which is not widely deployed, and sometimes actively avoided due to its complexity and ease of breaking you site.

Don't get me wrong, I'd love it if DANE, or something similar caught on, but I don't think it is practical until something changes to make DNSSEC (or equivalent) common.

Was this AI-generated? It seems to keep circling around the same points and have some major misunderstandings.

> If that is the case, why should the server convey the certificate and the OCSP status to the client and defer to the client on the decision not to proceed with the TLS connection? Why shouldn’t the server simply terminate the TLS connection immediately itself?

Why does it matter? You're talking about a scenario that should essentially never happen, who cares about slightly suboptimal performance at that point?

> CRLs only really work efficiently when nobody revokes certificates.

Revocation is an emergency measure, not a routine one. That's ok.

> At this point, why not just use DANE (RFC 6698), store the public keys in the DNS, rely on DNSSEC to provide the necessary authenticity, and use DNS TTL settings to control the cached lifetime of the public key?

Because DNS' multilayered caching makes it notoriously impossible to operate safely or debug. Most large outages already originate in DNS issues; putting the crypto in that layer would redouble it.