* Travis Burtrum <tra...@burtrum.org> [2015-11-05 18:45]: > This proposal defines a procedure to look up _tls SRV records in > addition to _tcp and mix weights/priorities.
One point that stood out to me is this: 6. Client or server SHOULD set SNI TLS extension to the host in the SRV record. Is that a deliberate decision or just inappropriate wording? While I can see the use case of a large XMPP hoster (*cough*gmail*cough*) that hosts many domains without actually having their respective certificates, this introduces a huge security issue: An attacker could poison/redirect a domain's SRV record to his own server (let's call it mallory.example), and a TLS-client would happily connect, request mallory.example's TLS certificate via SNI and successfully validate it, providing PLAIN credentials to the evil server. The attacker could even pass them on to the official server, making the connection seamless. While DNSSEC aims to solve this kind of attacks, it doesn't look like it's there yet - or should be relied upon. Georg -- || http://op-co.de ++ GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N ++ || gpg: 0x962FD2DE || o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+ || || Ge0rG: euIRCnet || X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y? || ++ IRCnet OFTC OPN ||_________________________________________________||
signature.asc
Description: Digital signature