ACTION-520: Security considerations for wildcards (ISSUE-216)

I propose to add the following security considerations text:

 >>>>>
<head>Deriving human-readable information from domain-validated  
certificates</head>

<p>For domain validated certificates, none of the ordinary human- 
readable information provided in a certificate is actually attested  
to; instead, a binding between public key a domain name (or wildcard)  
is created.  Therefore, <specref ref="signal-content"/> provides that,  
as a fall-back of last resort, a domain name retrieved from the  
subject's subjectAltName extension, or from the Common Name attribute,  
should be displayed.</p>

<p>This specification does not suggest displaying the domain name used  
in the source URI, since that domain name may be under the control of  
an attacker.  We consider it less risky to display a string like  
"*.example.com", than "bigbank.example.com" when the binding that was  
attested is one to "*.example.com".</p>
<<<<<

I believe that, additionally, there should be a change in 6.1.1 that  
gives subjectAltName precedence over Common Name; I don't see a  
specific action item to make that change.

Also, writing this text, it occurs to me that we nowhere say that a  
domain name should always be shortened from the left, never from the  
right.  I suspect that the identity signal content section might be  
usefully hold that piece of advice.

Thoughts anybody?

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>

Received on Monday, 6 October 2008 12:24:40 UTC