On 07/31/2014 01:17 AM, Ondrej Mikle wrote:
> On 07/30/2014 09:17 PM, Kathleen Wilson wrote:
[...]
>> So, Should we do this?
>> Does it introduce security concerns?
>
> It definitely introduces non-deterministic behavior controlled by a potential
> MitM attacker, in addition to being hard to debug.
>
> Example:
>
> 1. client requests certificate indicated via AIA over http (common in IE)
> 2. MitM attacker supplies one that triggers known bug - attacker can control
>    what is being exploited
> 3. remote code execution or chain validation success that shouldn't happen
>
> I personally think that factorization of 1024-bit RSA roots or SHA-1
> collisions is much harder than exploiting certificate validation code.

I should probably add that a MitM attacker like an ISP can generally tamper with
certificate chains sent in the TLS handshake anyway, but AIA fetching would allow an
adversary more hops away on a different continent to tamper with the connection.

Ondrej
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy