Re: clarifications needed re safe form editor cert matching algorithm from Ian Fette on 2007-10-11 (public-wsc-wg@w3.org from October 2007)

From: Ian Fette <ifette@google.com>
Date: Thu, 11 Oct 2007 14:48:48 -0700
To: "Serge Egelman" <egelman@cs.cmu.edu>
Cc: "Close, Tyler J." <tyler.close@hp.com>, public-wsc-wg@w3.org
Message-ID: <bbeaa26f0710111448o4f181bf5j8f445de283691843@mail.gmail.com>
The need to warn comes in around something like googlepages.com. Right now,
the management is all under pages.google.com and we use a SSL cert for
google.com for login etc. But it is conceivable that at some point we might
actually want to SSL enable https://www.googlepages.com for login, or who
knows what. (This is wild speculation, I don't work on the project, this is
just an example). So we would then need a cert for googlepages.com. But user
content is located at username.googlepages.com, and we really don't want to
attest to anything about the identity of whatever is found at those
locations. So when you try to load https://ifette.googlepages.com under this
scenario (where googlepages.com is actually ssl enabled and serving up
something), you had better get a warning.

Subdomains are not *always* controlled (or rather, authored / attested to)
by the owner of the higher-level domain, and it's not always a safe
assumption to make. You can make arguments about www being a special case,
but beyond that...

-Ian

On 10/11/07, Serge Egelman <egelman@cs.cmu.edu> wrote:
>
> This is an error I'm trying to do some research on, maybe someone can
> shed some light on it.  There are thousands of legitimate sites that
> have this problem, either because they don't use an alt-name, or the
> certificate is being used on some other subdomain of their domain.
>
> In the case where one certificate is being used by another host within
> the domain that it was legitimately issued for, I'm not entirely sure
> what the threat model is.  Sure, this is a great way for CAs to make
> money (by either making a site buy a new certificate for every host or
> making them buy a wildcard cert), but beyond this, what's the need to
> warn?
>
> Yes, the DNS can be hacked to add in a new hostname, but at that point
> there are bigger problems.
>
> serge
>
> Ian Fette wrote:
> > bankofamerica.com <http://bankofamerica.com> does not use an alt-name.
> > What's the point? (And for those of us who aren't using IE7, I'm
> > assuming you just get a common name mismatch error, or what?) if eBay
> > uses it, then I think you need to be worried about breaking it.
> >
> > On 10/11/07, *Close, Tyler J.* <tyler.close@hp.com
> > <mailto:tyler.close@hp.com>> wrote:
> >
> >     Perhaps there's some way to finesse this part of the algorithm by
> >     reference to RFC 2818. I'll work on it.
> >
> >     Many sites don't seem to be using this cert feature. For a fun
> >     example, visit the following URL using IE7.
> >
> >     https://bankofamerica.com/
> >
> >     --Tyler
> >
> >
> ------------------------------------------------------------------------
> >         *From:* Ian Fette [mailto:ifette@google.com
> >         <mailto:ifette@google.com>]
> >         *Sent:* Thursday, October 11, 2007 12:48 PM
> >         *To:* Close, Tyler J.
> >         *Cc:* public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org>
> >         *Subject:* Re: clarifications needed re safe form editor cert
> >         matching algorithm
> >
> >         It is in huge use. For example. if you go to
> >         https://signin.ebay.com and look at the cert - the CN is
> >         signin.ebay.com <http://signin.ebay.com> but the certificate
> >         subject alt name lists:
> >
> >         Not Critical
> >         DNS Name: signin.cafr.ebay.ca <http://signin.cafr.ebay.ca>
> >         DNS Name: signin.ebay.ca <http://signin.ebay.ca>
> >         DNS Name: signin.ebay.com.au <http://signin.ebay.com.au>
> >         DNS Name: signin.ebay.com.cn <http://signin.ebay.com.cn>
> >         DNS Name: signin.express.ebay.com <
> http://signin.express.ebay.com>
> >         DNS Name: signin.half.ebay.com <http://signin.half.ebay.com>
> >         DNS Name: signin.liveauctions.ebay.com
> >         <http://signin.liveauctions.ebay.com>
> >         DNS Name: signin.shopping.ebay.com <
> http://signin.shopping.ebay.com>
> >         DNS Name: signin.tw.ebay.com <http://signin.tw.ebay.com>
> >         DNS Name: signin.ebay.com <http://signin.ebay.com>
> >
> >         and if you go to https://signin.ebay.de you again get a cert
> >         with CN= signin.ebay.com <http://signin.ebay.com> but alt names
> of:
> >         Not Critical
> >         DNS Name: signin.befr.ebay.be <http://signin.befr.ebay.be>
> >         DNS Name: signin.benl.ebay.be <http://signin.benl.ebay.be>
> >         DNS Name: signin.ebay.at <http://signin.ebay.at>
> >         DNS Name: signin.ebay.be <http://signin.ebay.be>
> >         DNS Name: signin.ebay.co.uk <http://signin.ebay.co.uk>
> >         DNS Name: signin.ebay.de <http://signin.ebay.de>
> >         DNS Name: signin.ebay.es <http://signin.ebay.es>
> >         DNS Name: signin.ebay.fr <http://signin.ebay.fr>
> >         DNS Name: signin.ebay.ie <http://signin.ebay.ie>
> >         DNS Name: signin.ebay.nl <http://signin.ebay.nl>
> >         DNS Name: signin.express.ebay.co.uk
> >         <http://signin.express.ebay.co.uk>
> >         DNS Name: signin.ebay.com <http://signin.ebay.com>
> >
> >
> >         So yeah, it's important.
> >         On 10/11/07, *Close, Tyler J.* <tyler.close@hp.com
> >         <mailto:tyler.close@hp.com>> wrote:
> >
> >
> >
> >
> >             Thomas Roessler wrote:
> >             > going through the matching algorithm while folding it
> in...
> >             >
> >             > - The current language confuses attributes and fields.  I
> >             suspect
> >             >   that you mean the various attributes of the Subject
> >             certificate
> >             >   field.  Please confirm.
> >
> >             The CN, O, L, ST and C values I refer to are the ones in the
> set
> >             referred to by the Subject field in the end entity
> >             certificate. Not sure
> >             how to be any more specific about this in PKIXese.
> >
> >             > - I notice that you have some rules that concern matching
> >             the CN
> >             >   attribute, but none concerning subjectAltName.  I'm
> happy to
> >             >   simply track this point as an issue.
> >
> >             Could you point me to a document covering the semantics of
> >             subjectAltName? Is it in use in X.509 certs on the Web?
> >
> >             > Also, I'll open an issue to track the "PKI orthodoxy"
> >             remarks that
> >             > Hal had made at the face-to-face, and will link to that
> >             issue from
> >             > the draft.
> >
> >             Thanks,
> >             --Tyler
> >
> >
> >
>
> --
> /*
> Serge Egelman
>
> PhD Candidate
> Vice President for External Affairs, Graduate Student Assembly
> Carnegie Mellon University
>
> Legislative Concerns Chair
> National Association of Graduate-Professional Students
> */
>
Received on Thursday, 11 October 2007 21:49:25 UTC