Re: [TLS] [secdir] secdir review of draft-saintandre-tls-server-id-check-09

[Jeffrey Hutzelman <jhutz@cmu.edu>]

--On Wednesday, September 22, 2010 12:34:50 PM -0400 Barry Leiba 
<barryleiba.mailing.lists@gmail.com> wrote:

> There's a distinction, here, between a protocol and a user interface
> for configuration.  My mother doesn't know whom to trust, except that
> she knows that she (at least kinda-sorta) trusts the mail program
> she's decided to use, and an entity she calls "gmail" (not
> "google.com", not "gmail.com", but just "gmail").  She's relying to
> the mail program's "easy configuration feature" to sort this out.
>
> The text I reviewed appeared to be saying normative things about what
> client software MUST and MUST NOT do with regard to this sort of
> configuration situation, which goes well beyond what the client
> software is doing on the wire.  Unless I'm mis-reading it, it's
> explicitly saying that my client software is not allowed to do
> something like this, for example:
> 1. Ask the user, "What email service do you use?"
> 2. Receive the answer "gmail" from the user.
> 3. Auto-configure itself for the known gmail servers based only on
> that user input.

I think that's reasonable behavior _if_ the mail client knows that "gmail" 
is "mail.google.com".  What's _not_ reasonable is for it to arbitrarily 
transform "gmail" into a domain by adding ".com", then look up "gmail.com" 
and see that it is an alias for "mail.google.com" and not only follow the 
(insecure) alias to mail.google.com but also use it to decide that 
"mail.google.com" is an appropriate name to find in a certificate.

If your mother's mail client does that, then all I have to do to steal her 
password is convince said client that "gmail.com" is actually an alias for 
"stealgmailpassword.attacker.org".