Hi Jeff,

> -----Original Message-----
> From: Jeffrey Walton
>
> Hi Patrick,
>
> > I'm afraid I don't get your point.
> (1) Wild carding violates the Principle of Least Privilege.

I can't see that any endpoint in the communication gets more privilege than 
necessary when I equip my host with a wildcard cert. In case your host is not 
only a server, but also a client and needs to authenticate itself against another 
server, then that's something else. You shouldn't equip a client with a 
wildcard cert and do strong authentication. But that wasn't the scenario we 
were talking about.

> (2) A certificate binds a public key to an entity such as a user or
> host. I claim using a wild card certificate to attest to all hosts in
> a domain violates the trust. In this case, why bother purchasing a
> wild card certificate from VeriSign or Comodo when you can say, "We
> self-signed, Trust Us". In my mind's eye, both instill the same level
> of confidence.

I beg to disagree. A public CA verifies the identity of the company, of the 
applicant, his relation to the company and that the company indeed owns the 
claimed domain. None of that is verified if you use a self-signed 
certificate or play CA yourself. So you indeed have very different levels of 
confidence. Plus that's all the customer needs to know: the owner of the 
corresponding private key is indeed the owner of the domain in question. 
Trust-wise, whether the host's name is a or b is of no relevance to the 
customer. All he wants to be sure of is that he is indeed talking to a host of 
the service provider that he intends to talk to. And a wildcard cert gives 
him this trust.

> (3) Moxie's BlackHat presentation used the wild card feature to
> achieve his goals (see around slide 90 where he states, "Get a
> domain-validated SSL wildcard cert...").

But as said before, this is of no relevance here, because the fact that he is 
using a wildcard cert in his attack doesn't make deploying a wildcard cert on a 
server any less secure than a non-wildcard one, neither for the service 
provider, nor for the customer. As Rene has already pointed out, Moxie's 
presentation was about security weaknesses in browsers at the time of his talk 
or even earlier, not about security weaknesses in wildcard certs.

> >> So security-wise, I still can't see the major drawbacks you were
> >> talking about
> Apparently we have different security postures.

So far you have only claimed there is a security difference between wildcard and 
non-wildcard certs, but failed to demonstrate it. Renee and I gave you 
attack scenarios that actually have the same security level and consequences in 
case of compromise when using wildcard and non-wildcard certs. Why don't you 
put your scenario on the table, so we can have a look at it?


Patrick Eisenacher
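As an added illustration that is not part of the thread, the following Python check compares the name scope of a wildcard subjectAltName entry with that of a single-host entry, applying the RFC 6125 matching rules common TLS stacks use (wildcard only as the whole leftmost label, matching exactly one label). All certificate names and hostnames below are constructed.

```python
"""Added example (not from the thread): how a wildcard certificate's name
scope compares with a single-host certificate's, using RFC 6125-style
matching rules. No network access or real certificates are involved."""
import re

# Constructed sample dNSName entries, as they would appear in a
# certificate's subjectAltName extension.
WILDCARD_CERT_NAMES = ["*.example.com"]
HOST_CERT_NAMES = ["www.example.com"]

# A valid DNS label: letters, digits and hyphens, not starting or ending with '-'.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")

def dns_name_matches(presented: str, hostname: str) -> bool:
    """Return True if a presented dNSName (possibly wildcard) covers hostname.

    Rules applied (RFC 6125 section 6.4.3, as implemented by common TLS
    stacks): the wildcard may only be the entire leftmost label, it matches
    exactly one label, and it never covers the bare parent domain
    (so "*.example.com" covers neither "example.com" nor "a.b.example.com").
    """
    presented = presented.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels, h_labels = presented.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two labels after the wildcard so "*.com" is refused.
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:] and bool(LABEL.match(h_labels[0]))
    # Refuse partial wildcards like "w*.example.com" and wildcards in other labels.
    if any("*" in lbl for lbl in p_labels):
        return False
    return p_labels == h_labels

def covered_hosts(cert_names, candidates):
    """Which candidate hostnames a set of SAN entries would be accepted for."""
    return sorted(h for h in candidates
                  if any(dns_name_matches(n, h) for n in cert_names))

# Constructed hostnames to compare the two certificates' scope against.
CANDIDATES = ["www.example.com", "mail.example.com", "example.com",
              "dev.internal.example.com", "www.example.org"]

if __name__ == "__main__":
    print("wildcard cert covers:", covered_hosts(WILDCARD_CERT_NAMES, CANDIDATES))
    print("host cert covers:    ", covered_hosts(HOST_CERT_NAMES, CANDIDATES))
```

The difference between the two printed lists is exactly the "scope" that the least-privilege argument in the thread is about: a compromised wildcard key is accepted for every single-label host under the domain, a compromised single-host key for that one host only.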
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org