On 11/08/13 16:54, Trevor Perrin wrote: > On Sun, Aug 11, 2013 at 4:34 AM, Tobias Gondrom > <[email protected]> wrote: >> Hi all, >> >> <no hats> >> >> A small question about pinning to names and uniqueness of "pinned names": >> Under which conditions could the following attack scenario be a problem >> and what would we do about it? >> >> Domain A has bought a cert from CA-11 with the name "super safe" and >> pins to the name instead of the cert. >> CA-11 could be an intermediate for CA-1 with the name "uber super safe". >> Which names could we pin to? >> - the intermediate CA-1 and/or CA-11? >> >> Now wondering whether the following is a problem: >> attacker gains control over CA-2 (either through an attack or through >> government influence) and issues a certificate for an intermediate >> CA-11' with the name "super safe". > > Yes, that's a problem. Gerv also brought up the "DigiCert" name collision. > > So using names as a "layer of indirection" to point to a set of > CA-declared keys seems better than trying to pin to names as they > appear in certs. > > > Trevor
Thank you for the clarification. In that case I would prefer not to pin to names. As the above scenario is exactly the one we wanted to avoid in the first place. We need to allow a domain to link to one specific cert or a specific set of certs (like from one specified CA), and by this avoid that they are exposed to risks by a breach of any other CA. If we really need a to pin to a group of certs, maybe one other idea might be to allow to pin to a top-node of a CA directly (but not intermediaries as we would have the same attack scenario with them, too.) Best regards, Tobias
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
