On 11/06/2009 04:01 AM, PhoenixMylo:
In short, 10.x.x.x or myserver or myserver.local (at least until such
time as IANA/ICANN sells .local to the highest bidder) are non-
routable over the internet.  If I, as an admin with 1000 users on 3000
different devices wish to obtain a CA-signed cert to suppress browser
errors for sites on my LAN for my users wish to pay a CA for that
convenience rather than paying IANA/ICANN or one of their flunkies
(who incidentally perform zero verification when I buy a domain), be
prevented from doing so?

If the TLD doesn't really exist, then yes, you should not receive a certificate from a public CA. You can however use your own trusted root for your internal network, which incidentally really would protect you. Or use your real domain and reference the internal hostnames to the internal IPs. The DNS server doesn't have to be publicly accessible.

  Because of vulnerabilities in the DNS
system, or possibly hi-jacking of a HOSTS file?

Yes! That's exactly the reason why SSL certificates used for point-to-point encryption MUST be validated, otherwise how would you prevent a man-in-the-middle attack? Those vulnerabilities have been demonstrated and even practically used. That's THE number one reason why you use certificates from CAs and not your own home-brew. Otherwise why do you think the browser warns you in such a bold way when encountering an untrusted root?

It seems to me that
DNS vulnerabilities and/or the ability of a malevolent party to alter
a HOSTS file are the responsibility of those who code DNS servers and
operating systems respectively.  Not my responsibility, nor that of
the CA.

With today's wifi access points, no flaw in any code has to exist in order to pwn you. But also corporate VPN access points are at risk and even threats from within the corporate network (like a grumbling employee or contractor).

Now, just consider you got a certificate for myserver.local from a CA. Your browser will trust it, right? You would trust your browser too, right?

But hey, if you can get a certificate for myserver.local, so can I, right? If I can get a certificate referencing a hostname at your network, then anybody can do the same, right? So we all have certificates for myserver.local and are happily using them... or?

If an attacker has a certificate for your machine at your network, he may be in the position to attack you by various means. Unfortunately, an attacker has compromised your connection and is using a certificate for myserver.local issued by a public CA. Just, you wouldn't even know, because you trust your browser and the CA.

--
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    start...@startcom.org
Blog:    http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
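
Added example, not part of the original message or of any CA's code: a pre-issuance check that sorts requested certificate names into those a public CA could validate and those (like the 10.x.x.x, myserver and myserver.local cases discussed above) that only an organisation's own trusted root should sign. The function names, the reserved-suffix list and the sample request are assumptions made for this sketch.

```python
import ipaddress

# Assumed list for this example: special-use suffixes nobody can own uniquely
# (.local from RFC 6762, the rest from RFC 2606 / RFC 6761).
RESERVED_SUFFIXES = {"local", "localhost", "test", "example", "invalid"}


def classify_name(name):
    """Return (publicly_verifiable, reason) for one requested certificate name."""
    host = name.strip().rstrip(".").lower()
    if not host:
        return False, "empty name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, treat it as a DNS name
    if ip is not None:
        if ip.is_global:
            return True, "globally routable IP address"
        return False, "non-routable IP address, reused on countless networks"
    labels = host.split(".")
    if len(labels) == 1:
        return False, "single-label hostname, unique only inside one LAN"
    if labels[-1] in RESERVED_SUFFIXES:
        return False, "reserved suffix ." + labels[-1] + ", nobody can prove ownership"
    # Heuristic only: a real CA must still verify control of the domain.
    return True, "candidate for public validation"


def names_needing_private_ca(names):
    """Names that must be signed by an internal root, never by a public CA."""
    return [n for n in names if not classify_name(n)[0]]


# Constructed sample request mixing internal and public-style names.
REQUESTED = ["myserver", "myserver.local", "10.0.0.5",
             "myserver.lan.example-corp.com"]

if __name__ == "__main__":
    for n in REQUESTED:
        ok, reason = classify_name(n)
        print(("public CA : " if ok else "private CA: ") + n + " (" + reason + ")")
```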
