IETF Logo Mail Archive

Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate

"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Wed, 04 August 2010 21:10 UTC

Return-Path: <yngve@opera.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5AC363A6A49; Wed, 4 Aug 2010 14:10:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1qTPcYkGOBCA; Wed, 4 Aug 2010 14:10:09 -0700 (PDT)
Received: from smtp.opera.com (smtp.opera.com [213.236.208.81]) by core3.amsl.com (Postfix) with ESMTP id A9A223A6A48; Wed, 4 Aug 2010 14:10:08 -0700 (PDT)
Received: from acorna.invalid.invalid (219.71.202.84.customer.cdi.no [84.202.71.219]) (authenticated bits=0) by smtp.opera.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o74LAXmQ002331 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 4 Aug 2010 21:10:35 GMT
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: Marsh Ray <marsh@extendedsubset.com>, Martin Rex <mrex@sap.com>
References: <201008042039.o74Kd8TP014387@fs4113.wdf.sap.corp>
Date: Wed, 04 Aug 2010 23:10:30 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Organization: Opera Software AS
Message-ID: <op.vgxmfsfrqrq7tp@acorna.invalid.invalid>
In-Reply-To: <201008042039.o74Kd8TP014387@fs4113.wdf.sap.corp>
User-Agent: Opera Mail/10.60 (Win32)
Cc: pkix@ietf.org, tmiller@mitre.org, tls@ietf.org
Subject: Re: [TLS] [pkix] New version of Multiple OCSP mode of Certificate
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Aug 2010 21:10:10 -0000

On Wed, 04 Aug 2010 22:39:08 +0200, Martin Rex <mrex@sap.com> wrote:

> Marsh Ray wrote:
>>
>> For example, is this outbound connection willing to authenticate with
>> the credentials of the user? Nearly every form of user credentials have
>> turned out to be forwardable in one way or another.
>
> Possible problems;+
>
> That crafted AIA-request could potentially "leak" information,
> including sensitive information through a protocol of the attackers
> choice to a target of the attackers choice (cookies, other
> http-header-field contents, http-refererrers, basic authentication
> credentials).

Opera's AIA/OCSP/CRL requests are sent with cookies, referrers, etc.  
disabled; and additionally anything which would cause a user-interaction  
will immediately cause the request to fail.

At most the request will display what it sends to other server from a  
clean install, the usual set of Accept headers and other normal HTTP  
headers.

> That crafted AIA-request could be accessing resources that are not
> accessible to the attacker himself with a protocol of the attackers  
> choice
> and result in reaction that help the attacker in carrying out a more
> complex attack (like opening ports on a NAT-style firewall).

Opera have policies in place that prevent many kinds of cross  
network-category attacks, including that one.

As for AIA itself, I will note that it is documented in RFC 5280, sec.  
4.2.2.1 for precisely the purpose it is being used for by Opera

    In a public key certificate, the id-ad-caIssuers OID is used when the
    additional information lists certificates that were issued to the CA
    that issued the certificate containing this extension.  The
    referenced CA issuers description is intended to aid certificate
    users in the selection of a certification path that terminates at a
    point trusted by the certificate user.

The kind of crafted URLs you are concerned about can also be injected by  
way of OCSP and CRL URLs, and OCSP is AFAICT actually supported by more  
clients than AIA CA.

Also, injecting those URLs also indicate either the ability to trick the  
user into visiting the malicious site, or the attacker already have  
complete control over the user's unencrypted connection, in which case  
there are far easier ways to inject such URLs for most purposes.

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

v2.23.0 | Report a Bug | By Email