On 02/26/2009 01:49 PM, Jean-Marc Desperrier:
Just one thing : The use of a wildcard certificate was a misleading red herring in the implementation of the attack.
Yes, I've been saying it all along.
What's truly broken is that the current i18n attack protection relies on the checking done by the registrar/IDN, and that the registrar/IDN can only check the second-level domain name component.
Dhuuu :-)
Once they have obtained their domain name, attacker can freely use the third-level domain name component to implement any i18n attack they want even if no wildcard certificate is authorized.
Correct in case the CA doesn't do any additional checking. IMO we should require it.
This is not to say that wildcard certificates are not bad, evil, anything
Wild cards are not evil and certainly not bad. Wild cards are terrific and a real time saver at least. However it requires a certain responsibility and I'd like to see better verification procedures by CAs.
with regard to the attack. So it needs to be discussed on the security group, not crypto.
It should be discussed in the new m.d.s.policy group IMO. -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [email protected] Blog: https://blog.startcom.org _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
