Peter Gutmann wrote:
> Readers are cordially invited to go to https://edgecastcdn.net and have a look
> at the subjectAltName extension in the certificate that it presents. An
> extract is shown at the end of this message, this is just one example of many
> like it. I'm not picking on Edgecast specifically, I just used this one
> because it's the most Sybilly certificate I've ever seen. You'll find that
> this one Sybil certificate, among its hundred-and-seven hostnames, includes
> everything from Mozilla, Experian, the French postal service, TRUSTe, and the
> Information Systems Audit and Control Association (ISACA), through to
> Chainlove, Bonktown, and Dickies Girl (which aren't nearly as titillating as
> they sound, and QuiteSFW). Still, who needs to compromise a CA when you have
> these things floating around on multihomed hosts and CDNs.
> [...]
> What a mess! A single XSS/XSRF/XS* attack, or just a plain config problem,
> and the whole house of cards comes down.

Please don't mistake the following comment for a defence of any aspect of current PKI practice, but: I'm not seeing how an XSS or XSRF attack on one of the domains named in this certificate would enable attacks on the other domains.

IIUC, if you resolve one of the domains that is a client of Edgecast, say www.mozilla.com, then you may get an Edgecast proxy server that will serve content over TLS on behalf of that domain. Clearly if you compromise such a proxy, then you get the ability to spoof any of the domains named in the certificate. But if you do some origin-based web attack on a particular domain, then you can only spoof that domain. And even if you have a full compromise of a server for one of the domains, that doesn't get you the private key for the certificate, which is held only by the proxies.

Or am I missing something?

--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
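
An added example, not part of the original messages: an audit helper that takes the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports which sites share one certificate key, which is the proxy-compromise case discussed above. The sample certificate, its hostnames and the two-label `site()` heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names are placeholders, not entries from the certificate discussed above.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "cdn.example.net"),
        ("DNS", "www.bank.example"),
        ("DNS", "*.shop.example"),
        ("DNS", "static.shop.example"),
        ("DNS", "audit.example.org"),
        ("IP Address", "192.0.2.10"),
    )
}

def dns_names(cert):
    """Return the lower-cased dNSName entries of the subjectAltName extension."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def covers(pattern, hostname):
    """True if a SAN entry matches hostname; '*' must be the whole leftmost label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Conservative rule: refuse wildcards directly under a single label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def site(name):
    """Naive grouping key (assumption): last two labels, not the Public Suffix List."""
    return ".".join(name.lstrip("*.").split(".")[-2:])

def shared_key_sites(cert):
    """Group SAN names by site; every group listed depends on the same private key."""
    groups = defaultdict(list)
    for name in dns_names(cert):
        groups[site(name)].append(name)
    return dict(groups)

def spoofable(cert, hostnames):
    """Hostnames that the holder of this certificate's key could serve over TLS."""
    names = dns_names(cert)
    return [h for h in hostnames if any(covers(n, h) for n in names)]
```

Running `shared_key_sites()` over the certificates presented by your own CDN or multihomed front ends shows how many unrelated parties depend on the same key holder.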