[145368] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI
daemon@ATHENA.MIT.EDU (David-Sarah Hopwood)
Fri Jul 23 15:03:46 2010
Date: Fri, 23 Jul 2010 02:07:15 +0100
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
To: cryptography@metzdowd.com
In-Reply-To: <E1ObqW0-0007ar-SM@wintermute02.cs.auckland.ac.nz>
Peter Gutmann wrote:
> Readers are cordially invited to go to https://edgecastcdn.net and have a look
> at the subjectAltName extension in the certificate that it presents. An
> extract is shown at the end of this message, this is just one example of many
> like it. I'm not picking on Edgecast specifically, I just used this one
> because it's the most Sybilly certificate I've ever seen. You'll find that
> this one Sybil certificate, among its hundred-and-seven hostnames, includes
> everything from Mozilla, Experian, the French postal service, TRUSTe, and the
> Information Systems Audit and Control Association (ISACA), through to
> Chainlove, Bonktown, and Dickies Girl (which aren't nearly as titillating as
> they sound, and QuiteSFW). Still, who needs to compromise a CA when you have
> these things floating around on multihomed hosts and CDNs.
[...]
> What a mess! A single XSS/XSRF/XS* attack, or just a plain config problem,
> and the whole house of cards comes down.
Please don't mistake the following comment for a defence of any aspect of
current PKI practice, but:

I'm not seeing how an XSS or XSRF attack on one of the domains named in this
certificate would enable attacks on the other domains.

IIUC, if you resolve one of the domains that is a client of Edgecast, say
www.mozilla.com, then you may get an Edgecast proxy server that will serve
content over TLS on behalf of that domain.

Clearly if you compromise such a proxy, then you get the ability to spoof
any of the domains named in the certificate. But if you do some origin-based
web attack on a particular domain, then you can only spoof that domain.
And even if you have a full compromise of a server for one of the domains,
that doesn't get you the private key for the certificate, which is held only
by the proxies. Or am I missing something?

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
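
An added example, not part of the original messages or of any project named in them: a Python sketch that lists which sites depend on the same private key through one certificate's subjectAltName, the arrangement discussed in this thread. The sample certificate is constructed, and the function names and the last-two-labels ownership heuristic are assumptions.

```python
import socket
import ssl
from collections import defaultdict

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "cdn.example.net"),
        ("DNS", "www.example.com"),
        ("DNS", "static.example.com"),
        ("DNS", "*.example.org"),
        ("IP Address", "192.0.2.10"),
    ),
}

def fetch_cert(host, port=443):
    """Fetch a validated live server certificate (not used by the sample run)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def dns_names(cert):
    """Return the dNSName entries of subjectAltName, lower-cased."""
    return [v.lower().rstrip(".") for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def site_of(name):
    """Assumption: last two labels name the owner; a real audit needs the Public Suffix List."""
    if name.startswith("*."):
        name = name[2:]
    return ".".join(name.split(".")[-2:])

def sites_sharing_key(cert):
    """Group SAN hostnames by owner; every group relies on the one key behind this cert."""
    groups = defaultdict(list)
    for name in dns_names(cert):
        groups[site_of(name)].append(name)
    return dict(groups)

def covers(cert, hostname):
    """True if a SAN entry matches hostname; '*' stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n == host or (n.startswith("*.") and n[2:] == parent) for n in dns_names(cert))

if __name__ == "__main__":
    for site, names in sorted(sites_sharing_key(SAMPLE_CERT).items()):
        print(f"{site}: {', '.join(names)}")
```

Passing the result of fetch_cert() for a host you operate to sites_sharing_key() gives the list of tenants whose TLS identity rests on the same key holder.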