Re: [saag] SHA-1 to SHA-n transition

"Hallam-Baker, Phillip" <pbaker@verisign.com> Mon, 23 February 2009 18:40 UTC

The basic attack was to obtain a domain name in a zone that does not have I18N homograph protection on by default (e.g. example.cn), then look for a homograph character for /.

Then set a domain name http://anysite.com/padding/.example.cn/ which will bind to a wildcard, where com/padding/ is actually a single DNS label with two lookalikes for / in it.
 
The same thing is done today with http://anysite.comlpaddingI.example.com/
 
 
However the presenter is not entirely correct in his claims
 
* The wildcard attack does not affect EV as claimed, as wildcards are prohibited in EV certs.
* Contrary to the presenter's claims, there is nothing that obligates him to release exploit code.
* The presenter fails to mention that at least one of the sites he uses as an example of a password submission form on an unprotected page has not been configured that way for over two years; the point of that example seems to have been that he got himself on TV.
* No mention at all of the W3C Web Security Context Working Group that was set up to make recommendations on these UI issues and currently has a document about to enter last call.
 
All in all, folk who are watching presentations on social engineering exploits should always ask themselves who is being socially engineered and for what purpose.
 
 
________________________________

From: saag-bounces@ietf.org on behalf of Eric Rescorla
Sent: Mon 2/23/2009 1:03 PM
To: Stephen Kent
Cc: saag@ietf.org
Subject: Re: [saag] SHA-1 to SHA-n transition



At Sun, 22 Feb 2009 20:53:04 -0500,
Stephen Kent wrote:
>
> At
> >...
> >>  Another vulnerability, and matching MITM attack, is enabled by the
> >>  issuance of certs that contain wildcard DNS names. This is not a
> >>  violation of P3, because PKIX caved to pressure from the TLS WG, to
> >>  accommodate web site operators who wanted to purchase one cert from a
> >>  TTP that could be used to verify the EE certs for multiple web sites.
> >>  I argued against this, but lost. The phrase "I told you so" comes to
> >>  mind :-).
> >
> >Can you briefly describe how this leads to MITM attacks? This is something
> >I haven't heard before.
>
> Look at the latter half of these slides for his description of the
> role that wildcard DNS names on certs play in one class of attacks.
>
> <https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf>

This gets me a 404 as well.

-Ekr
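
A defender-side check for the hostname trick described in the top message of this thread, as an added example that is not part of the original messages: it decodes each DNS label of a URL's host and flags labels containing characters that render like URL delimiters. The lookalike set, the function names and the sample URL are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Code points that render like URL delimiters yet can sit inside a decoded
# IDN label. Illustrative assumption, not an exhaustive confusables list.
LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
    "\uff0f": "/",  # FULLWIDTH SOLIDUS
    "\uff1f": "?",  # FULLWIDTH QUESTION MARK
    "\uff03": "#",  # FULLWIDTH NUMBER SIGN
}

def decode_label(label):
    """Return the Unicode form of one DNS label (raw Punycode, no nameprep)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # undecodable: leave as the ASCII form
    return label

def inspect_url(url):
    """Compare the real host of a URL with what its rendered form suggests."""
    host = urlsplit(url).hostname or ""
    labels = [decode_label(l) for l in host.split(".")]
    flagged = [l for l in labels if any(c in LOOKALIKES for c in l)]
    # Rendered form: each lookalike replaced by the delimiter it imitates.
    rendered = ".".join("".join(LOOKALIKES.get(c, c) for c in l) for l in labels)
    return {
        "host": host,
        "rendered": rendered,
        # Where a reader would assume the host name ends.
        "apparent_host": re.split(r"[/?#]", rendered)[0],
        "flagged_labels": flagged,
        "suspicious": bool(flagged),
    }

def constructed_sample():
    """Build the page's example shape: one label holding two '/' lookalikes."""
    label = "com\u2044padding\u2044"
    a_label = "xn--" + label.encode("punycode").decode("ascii")
    return f"http://anysite.{a_label}.example.cn/"

if __name__ == "__main__":
    for u in (constructed_sample(), "https://xn--bcher-kva.example/"):
        print(inspect_url(u))
```

The ASCII-only variant mentioned in the message (l and I standing in for /) contains no non-ASCII characters, so this check does not flag it.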