On 14/11/2016 18:59, Gervase Markham wrote:
On 14/11/16 16:56, Jakob Bohm wrote:
If this is the only privacy mechanism in 6962bis, I would suggest that
everyone not employed by either Google or another mass-monitoring
service block its adoption on human rights grounds and on the basis of
being a mass-attack on network security.
I think you are overstating the in-practice benefits of attempting to
keep your internal hostnames secret.
There are also the names of non-public e-mail addresses, such as the
e-mail addresses of individuals.
As a wise person pointed out at CAB Forum, if I wanted to find out lots
of hostnames on Microsoft's internal network, I would just run a network
sniffer at the local Starbucks and look at what DNS requests were made.
But those would only be a specific subset (those used by local area
remote-workers) of internal hostnames from a single company. CT
without privacy gives you all the public-certificate-holding servers of
every company, and organization, world-wide. Without having to travel
to the country of your victim.
Comparison to the reasons for the introduction of NSEC3 DNSSEC records
are highly relevant here.
Also, wildcards are an additional mechanism by which you can keep the
leftmost part of your hostname private, for subdomains.
But wildcard certs are weaker in terms of security.
Gerv
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
