> I think that tumblr.com and dyndns.org can figure out a way to
> avoid delegating that particular prefix.

Has there been any effort to standardize or register the "special"
subdomains, e.g. something like *well-known*.domain.com? Having seen large
companies fail to secure the abuse@, webmaster@, security@, and other local
parts that allow "proving" domain ownership, I'm not as sanguine that tumblr
and dyndns (and wix and squarespace and wordpress and ..) will remember to
block off all the pertinent subdomains in advance.

/m

--
Mark E. Risher | Group Product Manager | [email protected] | 650-253-3123

On Tue, May 3, 2016 at 4:43 PM, Viktor Dukhovni <[email protected]> wrote:

> On Wed, May 04, 2016 at 01:38:22AM +0200, Daniel Margolis wrote:
>
> > Yeah, I agree on the two points. But is it safe for us to assume that
> > "smtp-sts-policy" is not an untrusted host? This was our concern, given
> > examples like dyndns.org or tumblr.com. Of course, an attacker also has to
> > do DNS injection, but with insecure DNS that's in our threat model.
>
> I think that tumblr.com and dyndns.org can figure out a way to
> avoid delegating that particular prefix.
>
> > This is the argument for imposing this specific (nonstandard) certificate
> > requirement (that it match the bare domain), albeit with the implementation
> > risk that you point out. I think this is a real tradeoff--the risk of
> > someone screwing up cert validation versus the risk of someone ceding the
> > host to an untrusted person.
>
> I think the implementation screwup risk is higher. The more vanilla
> the design requirements, the more likely implementors are to get
> it right.
>
> --
> Viktor.
>
> _______________________________________________
> Uta mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/uta
>

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
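As an added illustration of the tradeoff debated in this thread (example code, not from the thread or from any SMTP STS draft), the Python below compares the two certificate rules for the policy host: ordinary RFC 6125 matching of the policy host name itself versus the nonstandard "must match the bare domain" rule. It also shows the kind of shortcut that makes a custom rule easy to get wrong, which is Viktor's implementation-risk point. The `smtp-sts-policy` prefix comes from the thread; the domain `hosting.example` and every certificate name used are constructed samples.

```python
"""Compare two certificate-matching rules for an SMTP STS policy host.

Added example, not part of the mailing-list thread or any draft text.
All domain names and certificate SAN lists here are constructed samples.
"""
from __future__ import annotations

POLICY_PREFIX = "smtp-sts-policy"  # policy host prefix named in the thread


def _name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison of one certificate name against a host.

    Exact match, or a single left-most wildcard label that stands for exactly
    one label: '*.hosting.example' matches 'a.hosting.example' but matches
    neither 'hosting.example' nor 'a.b.hosting.example'.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_valid_for(san_names: list[str], host: str) -> bool:
    """True if any SAN in the certificate covers `host`."""
    return any(_name_matches(name, host) for name in san_names)


def policy_host_cert_ok(domain: str, san_names: list[str], rule: str) -> bool:
    """Apply one of the two rules discussed in the thread.

    'vanilla'     : cert must be valid for smtp-sts-policy.<domain> itself.
    'bare-domain' : cert must be valid for <domain>, regardless of which
                    host actually served the policy.
    """
    policy_host = f"{POLICY_PREFIX}.{domain}"
    if rule == "vanilla":
        return cert_valid_for(san_names, policy_host)
    if rule == "bare-domain":
        return cert_valid_for(san_names, domain)
    raise ValueError(f"unknown rule {rule!r}")


def compare_rules(domain: str, san_names: list[str]) -> dict[str, bool]:
    """Evaluate both rules side by side for one certificate."""
    return {rule: policy_host_cert_ok(domain, san_names, rule)
            for rule in ("vanilla", "bare-domain")}


def naive_bare_domain_ok(domain: str, san_names: list[str]) -> bool:
    """The shortcut an implementer might reach for when the rule is
    nonstandard: 'does the domain appear in any SAN?'. This is deliberately
    wrong, kept here to show why a custom rule is risky: it accepts a
    certificate for hosting.example.attacker.example as proof for
    hosting.example."""
    return any(domain.lower() in name.lower() for name in san_names)


if __name__ == "__main__":
    domain = "hosting.example"  # constructed stand-in for a provider that
    # hands subdomains to arbitrary customers
    scenarios = {
        "tenant cert for the policy host": ["smtp-sts-policy.hosting.example"],
        "operator cert for the bare domain": ["hosting.example", "www.hosting.example"],
        "operator wildcard cert": ["*.hosting.example"],
    }
    for label, sans in scenarios.items():
        print(f"{label:36} {compare_rules(domain, sans)}")
    bad = ["hosting.example.attacker.example"]
    print("naive suffix check accepts attacker cert:",
          naive_bare_domain_ok(domain, bad))
    print("strict bare-domain check accepts it:   ",
          policy_host_cert_ok(domain, bad, "bare-domain"))
```

The first scenario is the delegated-subdomain worry from the thread: a certificate a tenant could legitimately obtain for `smtp-sts-policy.hosting.example` passes the vanilla rule and fails the bare-domain rule. The wildcard scenario shows the flip side: under the bare-domain rule the operator's `*.hosting.example` certificate does not count, because a wildcard never covers the bare name, so the rule needs exactly the careful matching code that the naive suffix check skips.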
