IETF Logo Mail Archive

Re: [TLS] [pkix] Accessing arbitrary AIA URLs

Matt McCutchen <matt@mattmccutchen.net> Sun, 15 August 2010 06:31 UTC

Return-Path: <matt@mattmccutchen.net>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C6FB93A6898; Sat, 14 Aug 2010 23:31:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.398
X-Spam-Level:
X-Spam-Status: No, score=-2.398 tagged_above=-999 required=5 tests=[AWL=0.201, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n9TdIdBBmbvD; Sat, 14 Aug 2010 23:31:02 -0700 (PDT)
Received: from homiemail-a62.g.dreamhost.com (mx1.spunky.mail.dreamhost.com [208.97.132.47]) by core3.amsl.com (Postfix) with ESMTP id AD2783A688A; Sat, 14 Aug 2010 23:31:02 -0700 (PDT)
Received: from homiemail-a62.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a62.g.dreamhost.com (Postfix) with ESMTP id D424863406F; Sat, 14 Aug 2010 23:31:37 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mattmccutchen.net; h=subject:from :to:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s= mattmccutchen.net; b=Anc30K/Px9cpq2b/4x1aKP5LIgEfpAmLO0/GPOtdfWi qyb2a+k4gF6Btt5scI3cYQPeZ/v6PY3mLNreyKdWXu1wWMUHQzaoO5jTxQ+z2fND fTRd39somc3x/Jg3yY5c4dkZ/VDDIiMeEDtJN9KKAXiXSOolzvLbEd3nj7VEbKSk =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= subject:from:to:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=RNhCFYUwSTbj6ZZGhUwRLERsuDU=; b=S0ZDiFyhXf 9Uo10Db/TJMdrlyuxnmzphPZmFAPKfzsx5eYzUW+XO/Gm6H+QwIlcAe9YA4kJF8T OYAn0uGvkLpEkCZzY1n9hnANrdglygOgUaFem2cYix+19gXCISuLiiRLZtHIJGfb /+lFPxAIFIKvL4tPU2V/9iZjuUDEszSXg=
Received: from [10.10.6.3] (unknown [216.38.153.2]) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a62.g.dreamhost.com (Postfix) with ESMTPA id 86742634064; Sat, 14 Aug 2010 23:31:35 -0700 (PDT)
From: Matt McCutchen <matt@mattmccutchen.net>
To: pkix@ietf.org, tls@ietf.org
In-Reply-To: <op.vgxmfsfrqrq7tp@acorna.invalid.invalid>
References: <201008042039.o74Kd8TP014387@fs4113.wdf.sap.corp> <op.vgxmfsfrqrq7tp@acorna.invalid.invalid>
Content-Type: text/plain; charset="UTF-8"
Date: Sat, 14 Aug 2010 23:31:34 -0700
Message-ID: <1281853894.2621.131.camel@mattlaptop2.local>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.2
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] [pkix] Accessing arbitrary AIA URLs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Aug 2010 06:31:03 -0000

On Wed, 2010-08-04 at 23:10 +0200, Yngve N. Pettersen (Developer Opera
Software ASA) wrote:
> On Wed, 04 Aug 2010 22:39:08 +0200, Martin Rex <mrex@sap.com> wrote:
> > That crafted AIA-request could be accessing resources that are not
> > accessible to the attacker himself with a protocol of the attackers  
> > choice
> > and result in reaction that help the attacker in carrying out a more
> > complex attack (like opening ports on a NAT-style firewall).
> 
> Opera have policies in place that prevent many kinds of cross  
> network-category attacks, including that one.

Mozilla is also working on preventing attacks on internal networks:

https://bugzilla.mozilla.org/show_bug.cgi?id=354493

But internal networks are not necessarily the only networks to which the
victim may have access that the attacker doesn't.

-- 
Matt

v2.23.0 | Report a Bug | By Email