Re: [certid] [cabfman] fyi: newly revised version: draft-saintandre-tls-server-id-check
Peter Saint-Andre <stpeter@stpeter.im> Tue, 09 November 2010 02:15 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 168CC28C233 for <certid@core3.amsl.com>;
Mon, 8 Nov 2010 18:15:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.518
X-Spam-Level:
X-Spam-Status: No, score=-102.518 tagged_above=-999 required=5 tests=[AWL=0.081,
BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZVKF3MaMtlQz for
<certid@core3.amsl.com>; Mon, 8 Nov 2010 18:15:40 -0800 (PST)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com
(Postfix) with ESMTP id AB4FF28C17F for <certid@ietf.org>;
Mon, 8 Nov 2010 18:15:24 -0800 (PST)
Received: from dhcp-732c.meeting.ietf.org (dhcp-732c.meeting.ietf.org
[130.129.115.44]) (Authenticated sender: stpeter) by stpeter.im (Postfix)
with ESMTPSA id ACE7140BB9; Mon, 8 Nov 2010 19:24:57 -0700 (MST)
Message-ID: <4CD8AED0.6030207@stpeter.im>
Date: Tue, 09 Nov 2010 10:15:44 +0800
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: "Eddy Nigg (StartCom Ltd.)" <eddy_nigg@startcom.org>
References: <44D08E6900CFC84288DDB4F41852C87A858B53F20D@DEN-MEXMS-001.corp.ebay.com>
<4CBF4705.4040604@startcom.org>
In-Reply-To: <4CBF4705.4040604@startcom.org>
X-Enigmail-Version: 1.1.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="------------ms010106020101090407030807"
Cc: certid@ietf.org, "Hodges, Jeff" <jeff.hodges@paypal-inc.com>
Subject: Re: [certid] [cabfman] fyi: newly revised
version: draft-saintandre-tls-server-id-check
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 02:15:42 -0000
On 10/21/10 3:46 AM, Eddy Nigg (StartCom Ltd.) wrote:
>
> On 10/20/2010 08:28 PM, From Hodges, Jeff:
>
>> o Move away from the issuance of so-called wildcard certificates
>> (e.g., a certificate containing an identifier for
>> "*.example.com").
>
> However I'm not sure why wild cards should be prohibited, since this is
> perfectly standard compliant. There are valid use-cases for wild cards
> and in fact some of the biggest companies on the Internet are prevented
> from using EV certificates exactly because of this prohibition (to use
> wild cards with EV). I suggest to reconsider this recommendation.
Hi Eddy, the security considerations currently read as follows:
###
5.2. Wildcard Certificates
This document states that the wildcard character '*' SHOULD NOT be
included in presented identifiers but MAY be checked by application
clients (mainly for the sake of backward compatibility with existing
infrastructure); as a result, the rules provided in this document are
more restrictive than the rules for many existing application
technologies (see Appendix A). Several security considerations
justify tightening the rules:
o The inclusion of the wildcard character in certificates has led to
homograph attacks involving non-ASCII characters that look similar
to characters commonly included in HTTP URLs, such as "/" and "?";
for discussion, see for example [Defeating-SSL] (beginning at
slide 91).
o The ability to obtain a certificate containing the wildcard
character might broaden the range of applications services that an
attacker could forge, thus increasing (a) the chances that
attackers would attempt to steal credentials needed for obtaining
certificates and (b) the potential damage that would result from a
successful attack.
o Specifications for existing application technologies are not clear
about whether the wildcard character is allowed only as the
complete left-most label (e.g., *.example.com), some fragment of
the left-most label (e.g., foo*.example.com, f*o.example.com, or
*oo.example.com), or even all or part of a label other than the
left-most label (e.g., www.*.example.com or www.foo*.example.com);
nor are they clear about whether a presented identifier can
include more than one instance of the wildcard character (e.g.,
f*b*r.example.com or *.*.example.com). These ambiguities might
introduce exploitable differences in identity checking behavior
among client implementations and necessitate overly complex and
inefficient identity checking algorithms.
Notwithstanding the foregoing security considerations, profiles of
this specification can legitimately encourage continued support for
the wildcard character if they have good reasons to do so, such as
backward compatibility with deployed infrastructure.
###
Do you think that those justifications are not compelling? On the client
side we've moved from SHOULD NOT to MAY, and I would be open to saying
that wildcards are truly optional on the CA side as well, if we think
that (1) they are valuable and (2) they do not have undesirable security
properties.
Peter
--
Peter Saint-Andre
https://stpeter.im/
- Re: [certid] [cabfman] fyi: newly revised version… Eddy Nigg (StartCom Ltd.)
- Re: [certid] [cabfman] fyi: newly revised version… Jeffrey A. Williams
- Re: [certid] [cabfman] fyi: newly revised version… Peter Saint-Andre
- Re: [certid] [cabfman] fyi: newly revised version… Eddy Nigg (StartCom Ltd.)