Re: [TLS] Connection diversion to other subdomains

Martin Rex <mrex@sap.com> Fri, 29 October 2010 19:25 UTC

From: Martin Rex <mrex@sap.com>
Message-Id: <201010291927.o9TJREsv012079@fs4113.wdf.sap.corp>
To: marsh@extendedsubset.com
Date: Fri, 29 Oct 2010 21:27:14 +0200
In-Reply-To: <4CCAE36B.3030403@extendedsubset.com> from "Marsh Ray" at Oct 29, 10 10:08:27 am
Cc: tls@ietf.org
Subject: Re: [TLS] Connection diversion to other subdomains

Marsh Ray wrote:
> 
> On 10/27/2010 11:01 PM, Matt McCutchen wrote:
> > Strictly speaking, this is a vulnerability.  Usually the
> > effect is just goofy, though on one major web site which I won't name,
> > it led to XSS.
> >
> > How can I get the message out to holders of wildcard certificates that
> > they should prevent this attack?
> 
> I've always been suspicious of wildcard certs, but didn't have real 
> ammunition to argue against them. You may have identified one, but 
> people may point out that it's only an issue in combination with the 
> known problem of HTTP servers accepting invalid Host headers.

This is NOT an attack on TLS or TLS server certs.  And the assumption
that the use of TLS would prevent a behaviour that exists just the
same for this server on port 80 is naive.

Virtual hosting of Web Servers is a convenience function,
and whether and how much separation of content actually exists
is completely at the discretion of the server.

The use of TLS provides a protected communication channel between
two endpoints.  It does not add anything to the trustworthiness
of the communication within.  Any server features visible on port 80
will likely be available in just the same fashion on port 443.

The Garbage-in, garbage-out principle is not affected by replacing
the garbage truck with an armoured car with security guards while
still delivering the very same contents of the very same garbage bins.

-Martin
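The thread's point is that the cross-subdomain diversion is a server-side virtual-hosting problem, not a TLS one: a server that answers any Host header, fronted by a wildcard certificate, hands one subdomain's connection to another subdomain's content. The following is an added example written for this archive page, not code from the list thread or from any server it mentions. It shows the server-side check the thread calls for: dispatch only to explicitly configured virtual hosts, refuse Host values that name nothing (no silent "default vhost" fallback), and refuse a request whose Host disagrees with the TLS SNI name the connection was opened for. The host names, the `VHOSTS` table, the `dispatch` function and its `sni` parameter are all constructed for the example.

```python
"""Strict Host-header dispatch for a virtually hosted HTTPS server.

Added example (not code from the TLS list thread). The separation between
virtual hosts is the server's job; a wildcard certificate covering
*.example.com says nothing about which names actually have content.
All host names and request bytes below are constructed.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed configuration: the only virtual hosts this server serves.
# Coverage by the certificate must not imply content for a name.
VHOSTS = {
    "www.example.com": "site-www",
    "shop.example.com": "site-shop",
}


@dataclass
class Decision:
    status: int            # HTTP status the server should answer with
    vhost: Optional[str]   # selected content root, None when refused
    reason: str


def normalize_host(raw: str) -> str:
    """Lower-case, drop a trailing dot and a :port suffix."""
    host = raw.strip().lower().rstrip(".")
    if host.startswith("["):
        # Bracketed IPv6 literal: keep the literal, drop any port.
        end = host.find("]")
        return host[:end + 1] if end != -1 else host
    return host.split(":", 1)[0]


def parse_host_header(request: bytes) -> Optional[str]:
    """Return the single Host value, or None when it is missing or duplicated.

    RFC 7230 section 5.4 requires a 400 for a missing, duplicated or
    invalid Host header, so the caller treats None as a hard refusal.
    """
    head = request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]          # skip the request line
    hosts = [line.split(b":", 1)[1].decode("latin-1")
             for line in lines if line.lower().startswith(b"host:")]
    if len(hosts) != 1:
        return None
    return hosts[0]


def dispatch(request: bytes, sni: Optional[str]) -> Decision:
    """Pick a virtual host for the request, or refuse it.

    `sni` is the server_name the TLS layer saw for this connection
    (None for a client that sent no SNI, or for a plain port-80 request).
    """
    raw = parse_host_header(request)
    if raw is None:
        return Decision(400, None, "missing or duplicate Host header")
    host = normalize_host(raw)
    if not host:
        return Decision(400, None, "empty Host header")
    if host not in VHOSTS:
        # No default-vhost fallback: that fallback is exactly how a request
        # for one subdomain ends up served with another's content.
        return Decision(421, None, f"unknown host {host!r}")
    if sni is not None and normalize_host(sni) != host:
        # The connection was opened for one name; the request asks for
        # another. 421 Misdirected Request tells the client to reconnect.
        return Decision(421, None, f"Host {host!r} does not match SNI {sni!r}")
    return Decision(200, VHOSTS[host], "ok")


if __name__ == "__main__":
    # Constructed requests: one legitimate, one naming an unserved subdomain.
    for req, sni in [
        (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n", "www.example.com"),
        (b"GET / HTTP/1.1\r\nHost: other.example.com\r\n\r\n", "other.example.com"),
    ]:
        print(dispatch(req, sni))
```

The same dispatcher applies unchanged on port 80 (pass `sni=None`), which is the point Martin makes: the check belongs in the HTTP server, and TLS neither adds nor removes it. The SNI comparison is an extra guard for HTTPS only; clients without SNI simply fall through to the Host-only check.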