On Fri, Sep 02, 2016 at 08:29:38PM -0000, John Levine wrote:

> >That runs afoul of the need to not delegate policy to untrusted
> >nodes somewhere in one's own domain tree.  Some service operators
> >dole-out leaf nodes to "strangers".  Universities may delegate
> >sub-domains to departments, that might employ their dedicated IT
> >staff that are not trusted by the parent organization, ...
> 
> So you're saying that if the hostname is hard coded, you somehow know
> it's not delegated to someone else, but if it comes from a SRV record,
> you don't?  

I expect that for domains that actually have an STS policy, I can
rely on a downgrade-resistant access path to that policy.

For example an on-path attacker might redirect the SRV record to
some HTTPS server which does not publish an STS policy (404), and
that should mean that the policy has been revoked.

Or one might find some sub-domain with a weak policy and direct
the client there (which might be somewhat addressed by including
the domain name in the policy).

Or indeed, when strangers can register sub-domains, the SRV with
a constraint to a subdomain model breaks down.

-- 
        Viktor.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
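
The three cases in the reply above, modelled as a client's policy-refresh decision. This is an added example, not code from the thread or from any STS draft; the hostnames, the policy fields and the two optional checks (`in_tree_only`, `name_must_match`) are constructed assumptions.

```python
# Constructed model of an STS policy refresh; hostnames, policy fields and
# both optional checks are illustrative assumptions, not from any draft.

# Constructed HTTPS servers: host -> published policy, or None for a 404.
SERVERS = {
    "policy.example.edu": {"domain": "example.edu", "enforce": True},
    "www.elsewhere.test": None,  # valid HTTPS server, no policy published
    "lab.dept.example.edu": {"domain": "lab.dept.example.edu", "enforce": False},
    "stranger.example.edu": {"domain": "example.edu", "enforce": False},
}
CACHED = {"domain": "example.edu", "enforce": True}


def refresh(domain, cached, policy_host, in_tree_only=False, name_must_match=False):
    """Return the policy the client holds after one refresh attempt."""
    if in_tree_only and not policy_host.endswith("." + domain):
        return cached  # SRV target outside the domain tree: keep cached policy
    policy = SERVERS.get(policy_host)
    if policy is None:
        return None  # 404 is read as "policy revoked"
    if name_must_match and policy["domain"] != domain:
        return cached  # policy written for another name: keep cached policy
    return policy


def still_enforced(policy):
    return bool(policy and policy["enforce"])


def run_cases():
    """Each value says whether enforcement survives the refresh."""
    d = "example.edu"
    return {
        "fixed_host": still_enforced(refresh(d, CACHED, "policy.example.edu")),
        "srv_to_404": still_enforced(refresh(d, CACHED, "www.elsewhere.test")),
        "srv_to_404_in_tree": still_enforced(
            refresh(d, CACHED, "www.elsewhere.test", in_tree_only=True)),
        "weak_subdomain_in_tree": still_enforced(
            refresh(d, CACHED, "lab.dept.example.edu", in_tree_only=True)),
        "weak_subdomain_named": still_enforced(
            refresh(d, CACHED, "lab.dept.example.edu", True, True)),
        "stranger_subdomain": still_enforced(
            refresh(d, CACHED, "stranger.example.edu", True, True)),
    }


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case:24} enforcement kept: {ok}")
```

In this model the subdomain constraint stops the out-of-tree 404, the domain name in the policy stops the weak departmental policy, and neither stops a policy published on a subdomain registered by a stranger.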
