On Thu, Jan 18, 2018 at 2:47 PM, Alex Gaynor via dev-security-policy < [email protected]> wrote:
> > Certificates don't exist on Domain Names if we think really hard about it, > but servers with IPs that domain names point to can serve certificates, and > that seems like a reasonable interpretation of the intent of that sentence, > which TLS-SNI-01 fulfills. > > Expounding on that, certificate & key pairs are associated to logical end points who mechanism of distinct selection can vary as to at least several modes: 1. The TLS certificate & key pairs are bound to a combination of IP address(es) and Port(s) such that any connection to said combination shall definitively present a particular certificate. 2a. The TLS certificate & key pair selection matrix may add a further decisioning axis dependent upon the presentation of a TLS-SNI value. 2b. There may be a behavior selecting for a default TLS certificate & key pair in circumstances where a TLS-SNI is presented but does not match a configured pattern. 2c. There may be a behavior selecting for a default TLS certificate upon the failure to present a TLS-SNI value. There are probably more. In fact, as I think of it, I am certain this is the case. Some of the TLS termination load balancers at the CDNs use other early protocol and alg support information in the TLS exchange to decide to present an ECC certificate versus an RSA certificate dynamically. Similarly, some of the same players utilize alg support in the exchange to serve up a "legacy" sha-1 certificate signed by a legacy trusted CA hierarchy that would no longer be trusted in modern browsers in order to provide legacy compatibility. These kinds of scenarios conspire to make domain validation via TLS connection quite nebulous as to whether or not you can ascertain that you are communicating with the party you intend to validate. As Mr. Gaynor points out, there remains the reasonable interpretation that the mechanism undertaken by TLS-SNI-01 does fulfill the quite vague mandate of method 10. Naturally, there is also a reasonable interpretation that the mechanism does not satisfy the intent of method 10. Because method 10 is construed in such a technologically deficient manner, who could reasonably say? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
