On 02/06/2012 09:00 PM, Jonathan Katz wrote:

> One question, though. Langley writes: "If the attacker is close to
> the server then online revocation checks can be effective, but an
> attacker close to the server can get certificates issued from many
> CAs and deploy different certificates as needed." Anyone follow this
> line of reasoning?

Think of a small-to-medium business and secure website that only has
servers at a single datacenter. If you were their ISP at that datacenter
you could MitM all their traffic.

If you can pwn their email, you can go to any number of CAs and buy a DV
"domain validated" cert for their domain name.

The rules established by the CA/Browser Forum
http://www.cabforum.org/Baseline_Requirements_V1.pdf
say of the subjectAltName field:
The CA MUST confirm that the Applicant controls the Fully-Qualified
Domain Name or IP address or has been granted the right to use it by
the Domain Name Registrant or IP address assignee, as appropriate.

So in theory a CA could issue a cert to some party on the basis that
they can change some DNS entries or web pages (as seen by the CA at the
time of registration) in the target domain.

I always kinda thought an attacker with that sort of network capability
was exactly the kind of thing SSL was supposed to protect against.

- Marsh