On 28/08/2017 10:15, Nick Lamb wrote:
> I think that instead Ryan H is suggesting that (some) CAs are taking advantage
> of multiple geographically distinct nodes to run the tests from one of the
> Blessed Methods against an applicant's systems from several places on the
> Internet at once. This mitigates against attacks that are able to disturb
> routing only for the CA or some small corner of the Internet containing the CA.
> For example my hypothetical 17 year-old at the ISP earlier in the thread can't
> plausibly also be working at four other ISPs around the globe.
>
> This is a mitigation not a fix because a truly sophisticated attacker can obtain other
> certificates legitimately to build up intelligence about the CA's other perspective
> points on the Internet and then attack all of them simultaneously. It doesn't involve
> knowing much about Internet routing, beyond the highest level knowledge that connections
> from very distant locations will travel by different routes to reach the "same"
> destination.

Another reason this is only a mitigation is that it provides little
protection against an attack against the small corner of the Internet
containing the victim domain owner.  For this, the attacker just needs
to be close enough to divert traffic to the victim from most of the
Internet.  Of course that could be mitigated if the victim system is
geographically distributed (as is often true of DNS) using unrelated
ISPs for the different locations (so not 5 different Amazon availability
zones for example).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
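The two points made above (multi-perspective validation defeats a routing disturbance near the CA but not one near the victim, unless the victim is itself spread across unrelated networks) are easy to see in a small quorum model. The following is an added example, not code from this thread or from any CA's validation system; every vantage-point name, endpoint name and route in it is constructed, and routing attacks are modelled only abstractly, as paths that end at an impersonator serving the applicant's challenge token.

```python
"""Toy model of multi-perspective domain validation (added example).

A CA runs the same validation check from several vantage points and issues
only if a quorum of them observe the applicant's challenge token. A diverted
path is modelled abstractly: it ends at an impersonator that serves the token.
All names, regions and routes are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vantage:
    name: str     # constructed vantage-point name
    reaches: str  # which of the domain's endpoints this vantage's traffic normally lands on


def observe(vantage, legit_serving, diverted_vantages=frozenset(),
            diverted_endpoints=frozenset()):
    """True if the applicant's token is visible from this vantage.

    A path is attacker-controlled either because the attacker sits near the
    CA vantage (diverted_vantages) or near the victim's endpoint
    (diverted_endpoints); in both cases the impersonator serves the token.
    Otherwise the vantage sees whatever the legitimate endpoint serves.
    """
    if vantage.name in diverted_vantages or vantage.reaches in diverted_endpoints:
        return True
    return vantage.reaches in legit_serving


def validate(vantages, quorum, legit_serving, **attack):
    """Multi-perspective decision: issue only if >= quorum vantages see the token."""
    seen = {v.name: observe(v, legit_serving, **attack) for v in vantages}
    return sum(seen.values()) >= quorum, seen


REGIONS = ["ca-primary", "remote-1", "remote-2", "remote-3", "remote-4"]
QUORUM = 4

# Constructed routing tables: endpoint each CA vantage's traffic lands on.
SINGLE_HOST = {r: "victim-isp" for r in REGIONS}          # victim on one ISP
DISTRIBUTED = {"ca-primary": "isp-a", "remote-1": "isp-a",  # victim on three unrelated ISPs
               "remote-2": "isp-b", "remote-3": "isp-b", "remote-4": "isp-c"}


def ca_vantages(endpoint_for):
    """Five constructed vantages: the CA's primary node plus four remote perspectives."""
    return [Vantage(r, endpoint_for[r]) for r in REGIONS]


def scenario_legitimate_applicant():
    """Domain owner really serves the token: every vantage sees it and issuance is correct."""
    return validate(ca_vantages(SINGLE_HOST), QUORUM, legit_serving={"victim-isp"})[0]


def scenario_hijack_near_ca():
    """Routing disturbed only near the CA's primary node (the ISP insider in the thread).
    Returns (single-perspective decision, multi-perspective decision)."""
    v = ca_vantages(SINGLE_HOST)
    single = observe(v[0], legit_serving=set(), diverted_vantages={"ca-primary"})
    multi, _ = validate(v, QUORUM, legit_serving=set(), diverted_vantages={"ca-primary"})
    return single, multi


def scenario_hijack_near_victim():
    """Attacker close to the victim's single ISP diverts traffic from the whole Internet:
    every perspective lands on the impersonator, the quorum is met, the mitigation fails."""
    return validate(ca_vantages(SINGLE_HOST), QUORUM, legit_serving=set(),
                    diverted_endpoints={"victim-isp"})[0]


def scenario_distributed_victim():
    """Same attack near isp-a against a victim spread over unrelated ISPs: only the
    vantages that route to isp-a are captured, so the quorum is not met."""
    return validate(ca_vantages(DISTRIBUTED), QUORUM, legit_serving=set(),
                    diverted_endpoints={"isp-a"})


if __name__ == "__main__":
    print("legitimate applicant issued:", scenario_legitimate_applicant())
    print("hijack near CA (single, multi):", scenario_hijack_near_ca())
    print("hijack near single-ISP victim issued:", scenario_hijack_near_victim())
    print("hijack near one ISP of distributed victim:", scenario_distributed_victim())
```

The quorum of four out of five is itself a constructed policy choice; lowering it trades resistance to a localised disturbance for tolerance of an unreachable perspective, which is the same trade-off the thread describes.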
