Re: [secdir] secdir review of draft-saintandre-tls-server-id-check-09
Peter Saint-Andre <stpeter@stpeter.im> Wed, 22 September 2010 18:18 UTC
On 9/22/10 12:14 PM, Jeffrey Hutzelman wrote:
> --On Wednesday, September 22, 2010 12:34:50 PM -0400 Barry Leiba
> <barryleiba.mailing.lists@gmail.com> wrote:
>
>> There's a distinction, here, between a protocol and a user interface
>> for configuration. My mother doesn't know whom to trust, except that
>> she knows that she (at least kinda-sorta) trusts the mail program
>> she's decided to use, and an entity she calls "gmail" (not
>> "google.com", not "gmail.com", but just "gmail"). She's relying on
>> the mail program's "easy configuration feature" to sort this out.
>>
>> The text I reviewed appeared to be saying normative things about what
>> client software MUST and MUST NOT do with regard to this sort of
>> configuration situation, which goes well beyond what the client
>> software is doing on the wire. Unless I'm mis-reading it, it's
>> explicitly saying that my client software is not allowed to do
>> something like this, for example:
>> 1. Ask the user, "What email service do you use?"
>> 2. Receive the answer "gmail" from the user.
>> 3. Auto-configure itself for the known gmail servers based only on
>> that user input.
>
> I think that's reasonable behavior _if_ the mail client knows that
> "gmail" is "mail.google.com". What's _not_ reasonable is for it to
> arbitrarily transform "gmail" into a domain by adding ".com", then look
> up "gmail.com" and see that it is an alias for "mail.google.com" and not
> only follow the (insecure) alias to mail.google.com but also use it to
> decide that "mail.google.com" is an appropriate name to find in a
> certificate.
>
> If your mother's mail client does that, then all I have to do to steal
> her password is convince said client that "gmail.com" is actually an
> alias for "stealgmailpassword.attacker.org".

In my experience, some user agents have interface elements such as a
drop-down box that lists popular service providers, and the account
configuration wizard behaves differently (e.g., asks for different
information) depending on which popular service provider the user
chooses.

Peter

--
Peter Saint-Andre
https://stpeter.im/
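
Added example, not part of the original message or of the draft under review: a Python sketch of the distinction drawn in the quoted text, contrasting a reference identifier taken from an unauthenticated DNS alias with one taken from a table the client ships. The table, the DNS records, the certificate name lists and every function name are constructed assumptions; the host names are the ones used in the thread.

```python
# Added example. All records and certificate name lists are constructed;
# the host names are the ones used in the message above.

# Hypothetical table shipped with the client: provider label -> server name.
KNOWN_PROVIDERS = {"gmail": "mail.google.com"}

# Constructed, unauthenticated DNS views: honest, and with a forged alias.
HONEST_DNS = {"gmail.com": "mail.google.com"}
FORGED_DNS = {"gmail.com": "stealgmailpassword.attacker.org"}

# Constructed dNSName lists from two otherwise valid certificates.
GENUINE_CERT = ["mail.google.com"]
OTHER_PARTY_CERT = ["stealgmailpassword.attacker.org"]


def follow_aliases(name, cname_records, limit=8):
    """Follow a CNAME chain taken from unauthenticated DNS data."""
    for _ in range(limit):
        if name not in cname_records:
            break
        name = cname_records[name]
    return name


def reference_id_from_dns(user_input, cname_records):
    """Behaviour criticised above: append ".com", follow the alias, and
    expect the alias target in the certificate."""
    return follow_aliases(user_input.strip().lower() + ".com", cname_records)


def reference_id_from_config(user_input):
    """Expected name comes only from user input plus the local table."""
    label = user_input.strip().lower()
    if label not in KNOWN_PROVIDERS:
        raise ValueError("unknown provider: ask the user for the server name")
    return KNOWN_PROVIDERS[label]


def cert_matches(reference_id, cert_dns_names):
    """Exact case-insensitive dNSName match (wildcards left out)."""
    ref = reference_id.lower().rstrip(".")
    return any(ref == n.lower().rstrip(".") for n in cert_dns_names)


if __name__ == "__main__":
    unsafe = reference_id_from_dns("gmail", FORGED_DNS)
    print("DNS-derived id:", unsafe, cert_matches(unsafe, OTHER_PARTY_CERT))
    safe = reference_id_from_config("gmail")
    print("configured id: ", safe, cert_matches(safe, OTHER_PARTY_CERT))
```

With honest DNS both derivations agree, which is why the weakness does not show up in ordinary testing; only the table-derived identifier is unaffected by what the resolver returns.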