Re: [certid] [TLS] [secdir] secdir review of draft-saintandre-tls-server-id-check-09

Marsh Ray <marsh@extendedsubset.com> Wed, 22 September 2010 19:57 UTC

Message-ID: <4C9A5FA8.7050605@extendedsubset.com>
Date: Wed, 22 Sep 2010 14:57:28 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8
MIME-Version: 1.0
To: ArkanoiD <ark@eltex.net>
References: <AANLkTin6qXBOEJheaG8+SU=3k63Ed+3qXvoLHF5_hb6x@mail.gmail.com> <4C9A27D0.7030909@stpeter.im> <17472_1285173298_o8MGYvUB005723_AANLkTinAdE0qVxqUEBNe3ZWCry856bresv+x2Ga7Urju@mail.gmail.com> <86E28295D464B450ECA5B1D5@lysithea.fac.cs.cmu.edu> <20100922183143.GA23200@eltex.net> <4C9A5B13.1040802@extendedsubset.com>
In-Reply-To: <4C9A5B13.1040802@extendedsubset.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: IETF discussion list <ietf@ietf.org>, secdir@ietf.org, Barry Leiba <barryleiba.mailing.lists@gmail.com>, IETF cert-based identity <certid@ietf.org>, tls@ietf.org, Jeffrey Hutzelman <jhutz@cmu.edu>
Subject: Re: [certid] [TLS] [secdir] secdir review of draft-saintandre-tls-server-id-check-09
Precedence: list

On 09/22/2010 01:31 PM, ArkanoiD wrote:
 > BTW, slightly offtopic here: whenever i connect to gmail.com, i get
 > certificate for mail.google.com. But i've yet to see any web browser
 > to complain! Where is the magic?

On 09/22/2010 02:37 PM, Marsh Ray wrote:
>
> Hopefully I'm overlooking something simple, but at first glance it would
> seem like either of these two conditions are true:
>
> 1. Multiple vendors are putting some kind of override table in their
> browsers with an entry for gmail.com.

This search
http://mxr.mozilla.org/mozilla1.9.2/search?string=[^%40]gmail.com&regexp=1&hitlimit=&tree=mozilla1.9.2

Doesn't return any hits. That search page is a little tricky though. It 
kept wanting to change my "^@" to "\0"! :-)

Which suggests that:
> 2. Browsers are running script from badly authenticated sources.

- Marsh

[certid] Fwd: secdir review of draft-saintandre-t… Peter Saint-Andre
Re: [certid] Fwd: secdir review of draft-saintand… Henry B. Hotz
Re: [certid] Fwd: secdir review of Martin Rex
Re: [certid] Fwd: secdir review of draft-saintand… Matt McCutchen
Re: [certid] Fwd: secdir review of draft-saintand… Matt McCutchen
Re: [certid] Fwd: secdir review of Martin Rex
Re: [certid] Fwd: secdir review of draft-saintand… Matt McCutchen
Re: [certid] Fwd: secdir review of draft-saintand… Phillip Hallam-Baker
Re: [certid] Fwd: secdir review of Martin Rex
Re: [certid] Fwd: secdir review of Henry B. Hotz
Re: [certid] Fwd: secdir review of Martin Rex
Re: [certid] Fwd: secdir review of Martin Rex
[certid] DNSSEC-based name canonicalization Matt McCutchen
[certid] Wildcards for serving untrusted web cont… Matt McCutchen
Re: [certid] DNSSEC-based name canonicalization Martin Rex
Re: [certid] DNSSEC-based name canonicalization Peter Gutmann
Re: [certid] secdir review of draft-saintandre-tl… Peter Saint-Andre
Re: [certid] Fwd: secdir review of draft-saintand… Peter Saint-Andre
Re: [certid] [secdir] secdir review of draft-sain… Peter Saint-Andre
Re: [certid] secdir review of draft-saintandre-tl… Barry Leiba
Re: [certid] Fwd: secdir review of draft-saintand… Barry Leiba
Re: [certid] secdir review of draft-saintandre-tl… Peter Saint-Andre
Re: [certid] [secdir] secdir review of draft-sain… Peter Saint-Andre
Re: [certid] [secdir] secdir review of draft-sain… Jeffrey Hutzelman
Re: [certid] [secdir] secdir review of draft-sain… Jeffrey Hutzelman
Re: [certid] [secdir] secdir review of draft-sain… Peter Saint-Andre
Re: [certid] [secdir] secdir review of draft-sain… ArkanoiD
Re: [certid] [TLS] [secdir] secdir review of draf… Marsh Ray
Re: [certid] [TLS] [secdir] secdir review of draf… Jeffrey A. Williams
Re: [certid] [TLS] [secdir] secdir review of draf… Marsh Ray
Re: [certid] [TLS] [secdir] secdir Martin Rex
Re: [certid] [TLS] [secdir] secdir review of draf… Richard L. Barnes
Re: [certid] [TLS] [secdir] secdir review of draf… Marsh Ray
[certid] Bad certificate handling Matt McCutchen
Re: [certid] [TLS] [secdir] secdir review of Martin Rex
Re: [certid] [TLS] [secdir] secdir review of Robert Relyea
Re: [certid] [TLS] [secdir] secdir review of draf… =JeffH
Re: [certid] [TLS] [secdir] secdir review of Nicolas Williams
Re: [certid] DNSSEC-based name canonicalization Peter Saint-Andre