Domain-validated name-constrained CA certificates?

2010-04-03 Thread Matt McCutchen
[This thread is to continue the discussion from bug 554442; this message recaps the substance of the existing discussion.] It would be great if a Mozilla-recognized CA would be willing to give me, as the registrant of mattmccutchen.net, an intermediate CA certificate with a critical name constrain

Re: Alerts on TLS Renegotiation

2010-04-03 Thread Nelson B Bolyard
On 2010-04-03 04:29 PST, Eddy Nigg wrote: > On 04/03/2010 01:07 PM, Nelson B Bolyard: >> This is true because the attacker can arrange it so that the victim >> client's first handshake is actually a renegotiation for the server. >> It's NOT a renegotiation for the client, but it IS for the server

Exploitability of the TLS renegotiation prefix-injection attack

2010-04-03 Thread Matt McCutchen
On Wed, 2010-03-31 at 18:48 +0300, Eddy Nigg wrote: > On 03/31/2010 04:45 PM, Kai Engert: > > == snip quote begin == > > E.g., the attacker would send: > > > > GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1 > > X-Ignore-This: > > > > And the server uses the victim's account

Re: Alerts on TLS Renegotiation

2010-04-03 Thread johnjbarton
On 4/3/2010 6:45 AM, Jean-Marc Desperrier wrote: On 02/04/2010 18:25, johnjbarton wrote: The appropriate way to address this security problem starts by contacting the major providers of server software There's no need to contact them, they are well aware of the problem. AFAIK they have all alr

Re: Alerts on TLS Renegotiation

2010-04-03 Thread Jean-Marc Desperrier
On 02/04/2010 18:25, johnjbarton wrote: The appropriate way to address this security problem starts by contacting the major providers of server software There's no need to contact them, they are well aware of the problem. AFAIK they have all already issued the necessary updates. It's the sites

Re: Alerts on TLS Renegotiation

2010-04-03 Thread Eddy Nigg
On 04/03/2010 01:07 PM, Nelson B Bolyard: This is true because the attacker can arrange it so that the victim client's first handshake is actually a renegotiation for the server. It's NOT a renegotiation for the client, but it IS for the server. The server has previously negotiated with the attac

Re: NSS Signtol et al

2010-04-03 Thread Nelson B Bolyard
On 2010-04-02 11:07 PST, G. Richard Bellamy wrote: > I have some questions about signtool. Once again, these are probably > n00b questions, so I apologize if they’ve been covered elsewhere… any > guidance on relevant links would be much appreciated (e.g. a link to a > clearinghouse for doco on NSS

Re: Alerts on TLS Renegotiation

2010-04-03 Thread Nelson B Bolyard
On 2010-04-02 14:06 PST, Eddy Nigg wrote: > Hi Bob, > > On 04/02/2010 01:34 AM, Robert Relyea: >>> When a client (as in our case Firefox) implements RFC 5746, the >>> client can't be compromised and no data is leaked from the client. I >>> propose that Firefox should support the RFC 5746 extensi