- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Fri, 12 Oct 2007 10:25:58 -0400
- To: W3C WSC Public <public-wsc-wg@w3.org>
- Message-Id: <405671C9-4B8B-4033-A51C-6B89704C4D1C@mozilla.com>
Well hold up a second though. Correct me if I've got this wrong: - example.com has a non-wildcard, DV cert. - example.com gives out subdomains to people it doesn't particularly trust with the "example.com" name, people who might not even be hosted on the same server. - example.com wants to enable SSL So Ian's making the point that ifette.example.com shouldn't be allowed to use example.com's cert, and therefore that user agents are right to warn in that case. But ifette.example.com can't just decide to start using that cert without the private key, right? If the cert is otherwise valid, and the mismatch is confined to a subdomain, to me the question still remains as to whether that's a sensible warning - if not in absolute PKI orthodoxy terms, then at least in terms of false-positive/false- negative rate. If ifette can, without authorization, complete a TLS handshake with example.com's cert, there are bigger problems at play. I will offer that the counter-case, where "example.com" is presenting a cert issued to "ifette.example.com" is much more worrisome, since it is absolutely the case that deception could occur there. That I can obtain a subdomain of googlepages, or dyndns.org, or blogger.com - and prove that to a CA, should not allow me to quietly masquerade as the top level site. I think Serge was talking about the first case though - top-level non- wildcard DV cert being applied to a specific subdomain. Cheers, Johnathan On 11-Oct-07, at 8:47 PM, Ian Fette wrote: > Has some level of control, yes. But that doesn't address the second > case, where ifette.googlepages.com is a phishing site, and I don't > want Google's cert being used there... > > -Ian > > On 10/11/07, Serge Egelman <egelman@cs.cmu.edu> wrote: > That's not what I said. ianfette.googlepages.com is still under the > googlepages.com domain. The person who controls the googlepages.com > domain still has control over the other subdomains. > > serge > > Ian Fette wrote: > > Not really... you have absolutely no way of knowing that > > ianfette.googlepages.com <http://ianfette.googlepages.com> is on the > > same server as googlepages.com < http://googlepages.com>. Given our > > architecture, I have no idea. It's a server we own, but it's not > > necessarily one of the googlepages.com < http://googlepages.com> > servers. > > > > Also though, let's say that you have a phishing site at > > https://ifette.googlepages.com - I don't really know that I want > a lock > > being displayed there, or whatever security indicators we > display, based > > on Google's certificate. Right now most free web hosts aren't giving > > users SSL (that I know of), and this would be an easy way for an > > attacker to get free SSL with a pretty good cert. Not really > ideal, and > > could even make us more of a target. Who knows, rampant > speculation past > > this point... > > > > -Ian > > > > On 10/11/07, *Serge Egelman* < egelman@cs.cmu.edu > > <mailto:egelman@cs.cmu.edu>> wrote: > > > > ...and in that case it's still accurate. > > > > serge > > > > Ian Fette wrote: > > > Well, it's still an attestation to some level. It's not an > attestation > > > that you're talking with Google, but it is an attestation > that you're > > > talking with google.com <http://google.com> <http:// > google.com>. > > But beyond that I have no > > > good answer. > > > > > > On 10/11/07, *Serge Egelman* < egelman@cs.cmu.edu > > <mailto:egelman@cs.cmu.edu > > > > <mailto:egelman@cs.cmu.edu <mailto:egelman@cs.cmu.edu>>> > wrote: > > > > > > Point taken. > > > > > > But what about certificates that are not > attestations? E.g., > > anything > > > non-EV? > > > > > > serge > > > > > > Ian Fette wrote: > > > > The need to warn comes in around something like > > googlepages.com <http://googlepages.com> > > > < http://googlepages.com> > > > > <http://googlepages.com>. Right now, the management > is all under > > > > pages.google.com <http://pages.google.com> > > <http://pages.google.com> < > > > http://pages.google.com> and we use a SSL cert for > > > > google.com <http://google.com> < http://google.com> > > <http://google.com> for login etc. > > > But it is conceivable that > > > > at some point we might actually want to SSL enable > > > > https://www.googlepages.com for login, or who knows > what. > > (This is > > > wild > > > > speculation, I don't work on the project, this is > just an > > example). So > > > > we would then need a cert for googlepages.com > > <http://googlepages.com> > > > < http://googlepages.com> <http://googlepages.com > > <http://googlepages.com>>. > > > > But user content is located at username.googlepages.com > > <http://username.googlepages.com> > > > < http://username.googlepages.com > > > > > <http://username.googlepages.com>, and we really > don't want to > > > attest to > > > > anything about the identity of whatever is found at > those > > > locations. So > > > > when you try to load https://ifette.googlepages.com > under this > > > scenario > > > > (where googlepages.com <http://googlepages.com> > > <http://googlepages.com> < > > > http://googlepages.com> is actually ssl enabled > > > > and serving up something), you had better get a warning. > > > > > > > > Subdomains are not *always* controlled (or rather, > authored > > / attested > > > > to) by the owner of the higher-level domain, and it's > not > > always a > > > safe > > > > assumption to make. You can make arguments about www > being a > > special > > > > case, but beyond that... > > > > > > > > -Ian > > > > > > > > On 10/11/07, *Serge Egelman* < egelman@cs.cmu.edu > > <mailto:egelman@cs.cmu.edu> > > > <mailto: egelman@cs.cmu.edu <mailto: egelman@cs.cmu.edu>> > > > > <mailto:egelman@cs.cmu.edu <mailto:egelman@cs.cmu.edu> > > <mailto: egelman@cs.cmu.edu <mailto:egelman@cs.cmu.edu>>>> > wrote: > > > > > > > > This is an error I'm trying to do some research > on, maybe > > > someone can > > > > shed some light on it. There are thousands of > legitimate > > > sites that > > > > have this problem, either because they don't use an > > alt-name, > > > or the > > > > certificate is being used on some other subdomain of > > their domain. > > > > > > > > In the case where one certificate is being used > by another > > > host within > > > > the domain that it was legitimately issued for, > I'm not > > > entirely sure > > > > what the threat model is. Sure, this is a great > way for CAs > > > to make > > > > money (by either making a site buy a new > certificate for > > every > > > host or > > > > making them buy a wildcard cert), but beyond this, > > what's the need > > > > to warn? > > > > > > > > Yes, the DNS can be hacked to add in a new > hostname, but at > > > that point > > > > there are bigger problems. > > > > > > > > serge > > > > > > > > Ian Fette wrote: > > > > > bankofamerica.com <http://bankofamerica.com> > > <http://bankofamerica.com> > > > < http://bankofamerica.com> < > > > > http://bankofamerica.com> does not use an alt-name. > > > > > What's the point? (And for those of us who aren't > > using IE7, I'm > > > > > assuming you just get a common name mismatch > error, or > > > what?) if eBay > > > > > uses it, then I think you need to be worried about > > breaking it. > > > > > > > > > > On 10/11/07, *Close, Tyler J.* <tyler.close@hp.com > > <mailto: tyler.close@hp.com> > > > <mailto:tyler.close@hp.com <mailto:tyler.close@hp.com>> > > > > <mailto: tyler.close@hp.com > <mailto:tyler.close@hp.com> > > <mailto:tyler.close@hp.com <mailto: tyler.close@hp.com>>> > > > > > <mailto: tyler.close@hp.com > > <mailto: tyler.close@hp.com> <mailto:tyler.close@hp.com > > <mailto:tyler.close@hp.com>> > > > <mailto: tyler.close@hp.com <mailto:tyler.close@hp.com> > > <mailto:tyler.close@hp.com <mailto: tyler.close@hp.com>>>>> > wrote: > > > > > > > > > > Perhaps there's some way to finesse this > part of the > > > algorithm by > > > > > reference to RFC 2818. I'll work on it. > > > > > > > > > > Many sites don't seem to be using this cert > > feature. For > > > a fun > > > > > example, visit the following URL using IE7. > > > > > > > > > > https://bankofamerica.com/ > > > > > > > > > > --Tyler > > > > > > > > > > > > > > > > > > > > ---------------------------------------------------------------------- > -- > > > > > > > > > *From:* Ian Fette > [mailto:ifette@google.com > > <mailto:ifette@google.com> > > > <mailto: ifette@google.com <mailto:ifette@google.com>> > > > > <mailto:ifette@google.com <mailto:ifette@google.com> > > <mailto:ifette@google.com <mailto:ifette@google.com >>> > > > > > <mailto:ifette@google.com > > <mailto:ifette@google.com> <mailto: ifette@google.com > > <mailto:ifette@google.com>> > > > <mailto: ifette@google.com <mailto: ifette@google.com> > > <mailto:ifette@google.com <mailto:ifette@google.com>>>>] > > > > > *Sent:* Thursday, October 11, 2007 > 12:48 PM > > > > > *To:* Close, Tyler J. > > > > > *Cc:* public-wsc-wg@w3.org > > <mailto: public-wsc-wg@w3.org> > > > <mailto:public-wsc-wg@w3.org <mailto:public-wsc- > wg@w3.org>> > > <mailto: public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org> > > > <mailto:public-wsc-wg@w3.org <mailto:public-wsc- > wg@w3.org>>> > > > > <mailto:public-wsc-wg@w3.org > > <mailto: public-wsc-wg@w3.org> <mailto: public-wsc-wg@w3.org > > <mailto:public-wsc-wg@w3.org>> > > > <mailto: public-wsc-wg@w3.org <mailto:public-wsc- > wg@w3.org> > > <mailto:public-wsc-wg@w3.org <mailto:public-wsc-wg@w3.org>>>> > > > > > *Subject:* Re: clarifications needed re > safe form > > > editor cert > > > > > matching algorithm > > > > > > > > > > It is in huge use. For example. if you > go to > > > > > https://signin.ebay.com and look at the > cert - > > the CN is > > > > > signin.ebay.com < http:// > signin.ebay.com> < > > http://signin.ebay.com> < > > > http://signin.ebay.com> > > > > < http://signin.ebay.com <http:// > signin.ebay.com>> but > > the certificate > > > > > subject alt name lists: > > > > > > > > > > Not Critical > > > > > DNS Name: signin.cafr.ebay.ca > > < http://signin.cafr.ebay.ca> > > > <http://signin.cafr.ebay.ca> <http://signin.cafr.ebay.ca > > > > > < http://signin.cafr.ebay.ca> > > > > > DNS Name: signin.ebay.ca > > <http://signin.ebay.ca> <http://signin.ebay.ca> > > > < http://signin.ebay.ca > > > > > < http://signin.ebay.ca> > > > > > DNS Name: signin.ebay.com.au > > < http://signin.ebay.com.au> > > > <http://signin.ebay.com.au> <http://signin.ebay.com.au > > > > > < http://signin.ebay.com.au <http:// > signin.ebay.com.au> > > < http://signin.ebay.com.au>> > > > > > DNS Name: signin.ebay.com.cn > > <http://signin.ebay.com.cn > > > > < http://signin.ebay.com.cn> < http://signin.ebay.com.cn> > > > > < http://signin.ebay.com.cn> > > > > > DNS Name: signin.express.ebay.com > > <http://signin.express.ebay.com > > > > <http://signin.express.ebay.com> > > > > < http://signin.express.ebay.com > > > <http://signin.express.ebay.com> > > > > > DNS Name: signin.half.ebay.com > > < http://signin.half.ebay.com> > > > <http://signin.half.ebay.com> > > > > < http://signin.half.ebay.com> < http:// > signin.half.ebay.com> > > > > > DNS Name: signin.liveauctions.ebay.com > > <http://signin.liveauctions.ebay.com> > > > < http://signin.liveauctions.ebay.com > > > > > <http://signin.liveauctions.ebay.com> > > > > > < http://signin.liveauctions.ebay.com > > > > <http://signin.liveauctions.ebay.com>> > > > > > DNS Name: signin.shopping.ebay.com > > <http://signin.shopping.ebay.com> > > > < http://signin.shopping.ebay.com> > > > > <http://signin.shopping.ebay.com > > <http://signin.shopping.ebay.com >> > > > <http://signin.shopping.ebay.com> > > > > > DNS Name: signin.tw.ebay.com > > <http://signin.tw.ebay.com> > > > < http://signin.tw.ebay.com> < http://signin.tw.ebay.com> > > > > <http://signin.tw.ebay.com <http:// > signin.tw.ebay.com>> > > > > > DNS Name: signin.ebay.com > > <http://signin.ebay.com> <http://signin.ebay.com> > > > < http://signin.ebay.com> > > > > <http://signin.ebay.com <http://signin.ebay.com > > > > < http://signin.ebay.com>> > > > > > > > > > > and if you go to https://signin.ebay.de > you again > > > get a cert > > > > > with CN= signin.ebay.com > > < http://signin.ebay.com> <http://signin.ebay.com> > > > <http://signin.ebay.com> < > > > > http://signin.ebay.com> but alt names of: > > > > > Not Critical > > > > > DNS Name: signin.befr.ebay.be > > <http://signin.befr.ebay.be> > > > <http://signin.befr.ebay.be> < http://signin.befr.ebay.be> > > > > < http://signin.befr.ebay.be <http:// > signin.befr.ebay.be>> > > > > > DNS Name: signin.benl.ebay.be > > <http://signin.benl.ebay.be> > > > < http://signin.benl.ebay.be> <http://signin.benl.ebay.be> > > > > <http://signin.benl.ebay.be <http:// > signin.benl.ebay.be>> > > > > > DNS Name: signin.ebay.at > > < http://signin.ebay.at> <http://signin.ebay.at> > > > <http://signin.ebay.at <http://signin.ebay.at >> > > > > <http://signin.ebay.at> > > > > > DNS Name: signin.ebay.be > > < http://signin.ebay.be> < http://signin.ebay.be> > > > <http://signin.ebay.be> > > > > < http://signin.ebay.be > > > > > > DNS Name: signin.ebay.co.uk > > < http://signin.ebay.co.uk> > > > <http://signin.ebay.co.uk> <http://signin.ebay.co.uk> > > > > < http://signin.ebay.co.uk> > > > > > DNS Name: signin.ebay.de > > <http://signin.ebay.de > <http://signin.ebay.de > > > > <http://signin.ebay.de> > > > > < http://signin.ebay.de> > > > > > DNS Name: signin.ebay.es > > <http://signin.ebay.es> < http://signin.ebay.es> > > > <http://signin.ebay.es> > > > > <http://signin.ebay.es < http://signin.ebay.es>> > > > > > DNS Name: signin.ebay.fr > > <http://signin.ebay.fr> < http://signin.ebay.fr> > > > <http://signin.ebay.fr <http://signin.ebay.fr>> > > > > < http://signin.ebay.fr> > > > > > DNS Name: signin.ebay.ie > > <http://signin.ebay.ie> < http://signin.ebay.ie> > > > <http://signin.ebay.ie> < > > > > http://signin.ebay.ie> > > > > > DNS Name: signin.ebay.nl > > <http://signin.ebay.nl> <http://signin.ebay.nl> > > > < http://signin.ebay.nl> > > > > < http://signin.ebay.nl> > > > > > DNS Name: signin.express.ebay.co.uk > > <http://signin.express.ebay.co.uk> > > > <http://signin.express.ebay.co.uk > > <http://signin.express.ebay.co.uk>> > > > > <http://signin.express.ebay.co.uk > > > > > > <http://signin.express.ebay.co.uk > > <http://signin.express.ebay.co.uk > > > > <http://signin.express.ebay.co.uk>> > > > > > DNS Name: signin.ebay.com > > <http://signin.ebay.com> < http://signin.ebay.com> > > > <http://signin.ebay.com > < > > > > http://signin.ebay.com < http://signin.ebay.com>> > > > > > > > > > > > > > > > So yeah, it's important. > > > > > On 10/11/07, *Close, Tyler J.* < > > tyler.close@hp.com <mailto:tyler.close@hp.com> > > > <mailto:tyler.close@hp.com <mailto:tyler.close@hp.com >> > > > > <mailto: tyler.close@hp.com > <mailto:tyler.close@hp.com> > > <mailto: tyler.close@hp.com <mailto:tyler.close@hp.com>>> > > > > > <mailto: tyler.close@hp.com > > <mailto:tyler.close@hp.com> > > > <mailto:tyler.close@hp.com <mailto: tyler.close@hp.com>> > > <mailto: tyler.close@hp.com <mailto:tyler.close@hp.com> > > > <mailto: tyler.close@hp.com > <mailto:tyler.close@hp.com>>>>> > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > Thomas Roessler wrote: > > > > > > going through the matching > algorithm while > > > folding > > > > it in... > > > > > > > > > > > > - The current language confuses > > attributes and > > > > fields. I > > > > > suspect > > > > > > that you mean the various > attributes > > of the > > > Subject > > > > > certificate > > > > > > field. Please confirm. > > > > > > > > > > The CN, O, L, ST and C values I > refer to > > are the > > > ones > > > > in the set > > > > > referred to by the Subject field in > the > > end entity > > > > > certificate. Not sure > > > > > how to be any more specific about > this in > > PKIXese. > > > > > > > > > > > - I notice that you have some > rules that > > concern > > > > matching > > > > > the CN > > > > > > attribute, but none concerning > > > > subjectAltName. I'm happy to > > > > > > simply track this point as an > issue. > > > > > > > > > > Could you point me to a document > covering the > > > semantics of > > > > > subjectAltName? Is it in use in X. > 509 certs on > > > the Web? > > > > > > > > > > > Also, I'll open an issue to track > the "PKI > > > orthodoxy" > > > > > remarks that > > > > > > Hal had made at the face-to-face, > and will > > > link to that > > > > > issue from > > > > > > the draft. > > > > > > > > > > Thanks, > > > > > --Tyler > > > > > > > > > > > > > > > > > > > > > > > -- > > > > /* > > > > Serge Egelman > > > > > > > > PhD Candidate > > > > Vice President for External Affairs, Graduate > Student > > Assembly > > > > Carnegie Mellon University > > > > > > > > Legislative Concerns Chair > > > > National Association of Graduate-Professional > Students > > > > */ > > > > > > > > > > > > > > -- > > > /* > > > Serge Egelman > > > > > > PhD Candidate > > > Vice President for External Affairs, Graduate Student > Assembly > > > Carnegie Mellon University > > > > > > Legislative Concerns Chair > > > National Association of Graduate-Professional Students > > > */ > > > > > > > > > > -- > > /* > > Serge Egelman > > > > PhD Candidate > > Vice President for External Affairs, Graduate Student Assembly > > Carnegie Mellon University > > > > Legislative Concerns Chair > > National Association of Graduate-Professional Students > > */ > > > > > > -- > /* > Serge Egelman > > PhD Candidate > Vice President for External Affairs, Graduate Student Assembly > Carnegie Mellon University > > Legislative Concerns Chair > National Association of Graduate-Professional Students > */ > --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Friday, 12 October 2007 14:26:27 UTC