Eddy Nigg wrote:
> Well, I don't agree with the statements above. It really depends what
> kind of DNS attack it is and how prepared the CA is and what the CA does
> about it. 

Exactly my point. If the CA's DNS is secure, the EV system is safe. If
it's not, it's not. So the two are linked, and they shouldn't be.

Note I wasn't specifically talking about this attack, which the CAs may
well have patched against. My point is that if another vulnerability in
DNS permitting spoofing is discovered, then EV is at risk - i.e. there
is a link between the security of the two things.

> Besides that, I don't understand where the weakness should be
> - DV certs are all about protecting against DNS spoofing attacks...

The weakness is that the CA's DNS server could be poisoned to allow the
attacker to intercept their communications (e.g. email) with the target
domain, and thereby obtain a DV certificate for it fraudulently.

They could then use this DV certificate combined with more DNS hijacking
to inject content into pages which load mixed (EV+DV) content, as Heikki
explains.

The result is that a mixed EV+DV page can be compromised if there is an
ability to hijack DNS. Which is why I said the security of the two
systems is currently linked. We can eliminate the link by requiring all-EV.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
