- From: Mary Ellen Zurko <mzurko@us.ibm.com>
- Date: Fri, 7 Nov 2008 16:19:05 -0500
- To: Thomas Roessler <tlr@w3.org>
- Cc: WSC WG <public-wsc-wg@w3.org>
- Message-ID: <OF735F91CB.221C0048-ON852574FA.006FC814-852574FA.00701E4A@LocalDomain>
I'm taking lack of discussion as consensus on the item for the security
considerations text. Anil, I'll create an editorial action for this.
For the rest, it seems a bit vague to declare anything.
Mez
From: Thomas Roessler <tlr@w3.org>
To: WSC WG <public-wsc-wg@w3.org>
Date: 10/06/2008 08:33 AM
Subject: ACTION-520: Security considerations for wildcards (ISSUE-216)
Sent by: public-wsc-wg-request@w3.org
I propose to add the following security considerations text:
>>>>>
<head>Deriving human-readable information from domain-validated
certificates</head>
<p>For domain validated certificates, none of the ordinary human-
readable information provided in a certificate is actually attested
to; instead, a binding between a public key and a domain name (or wildcard)
is created. Therefore, <specref ref="signal-content"/> provides that,
as a fall-back of last resort, a domain name retrieved from the
subject's subjectAltName extension, or from the Common Name attribute,
should be displayed.</p>
<p>This specification does not suggest displaying the domain name used
in the source URI, since that domain name may be under the control of
an attacker. We consider it less risky to display a string like
"*.example.com", than "bigbank.example.com" when the binding that was
attested is one to "*.example.com".</p>
<<<<<
I believe that, additionally, there should be a change in 6.1.1 that
gives subjectAltName precedence over Common Name; I don't see a
specific action item to make that change.
Also, writing this text, it occurs to me that we nowhere say that a
domain name should always be shortened from the left, never from the
right. I suspect that the identity signal content section might
usefully hold that piece of advice.
Thoughts anybody?
Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 8 November 2008 15:40:04 UTC
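The display rules discussed above (subjectAltName dNSName before Common Name, showing the attested binding such as "*.example.com" rather than the URI's host, and shortening only from the left), as an added illustration that is not part of the thread or of the WSC specification. It works on a constructed certificate in the dict layout Python's `ssl` module returns from `getpeercert()`; the function names and the wildcard rule (one leftmost label) are this example's own assumptions.

```python
from typing import List, Optional

# Constructed sample in the getpeercert()-style dict layout: a domain-validated
# certificate whose only attested bindings are "*.example.com" and "example.com".
# The organizationName is present but, for a DV certificate, was never verified.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Unvalidated Org Text"),),
                (("commonName", "*.example.com"),)),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}

def attested_names(cert: dict) -> List[str]:
    """Names the CA actually bound to the key: subjectAltName dNSName entries
    take precedence; the Common Name is consulted only when no SAN exists."""
    sans = [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return [value]
    return []

def matches(pattern: str, host: str) -> bool:
    """Wildcard matching (assumption): '*' covers exactly one leftmost label,
    so *.example.com matches bigbank.example.com but not example.com."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if p[0] == "*":
        return len(p) == len(h) and p[1:] == h[1:]
    return p == h

def identity_signal(cert: dict, uri_host: str) -> Optional[str]:
    """The string to show the user: the attested name that covers the URI
    host (e.g. '*.example.com'), never the attacker-chosen URI host itself."""
    for name in attested_names(cert):
        if matches(name, uri_host):
            return name
    return None  # no attested name covers the host: nothing to signal

def shorten_from_left(name: str, max_len: int) -> str:
    """Truncate a domain name from the left only, keeping the rightmost
    labels (the registered domain) visible."""
    if len(name) <= max_len:
        return name
    labels = name.split(".")
    while labels and len("..." + ".".join(labels)) > max_len:
        labels.pop(0)
    if not labels:  # even the last label does not fit: keep its tail
        return "..." + name[-(max_len - 3):]
    return "..." + ".".join(labels)
```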