On 09/19/2008 01:03 AM, Kyle Hamilton:
> Mary and Mallory may not be the same control.
>
> Mary has a site with a cert with AIA.  Mallory can take control over
> that location for the AIA, without Mary being able to do a thing to
> stop it.
>

Mary knows that she has a cert, because she installed it. If the cert is 
from a CA, then the CA already knows by other means (CRL, OCSP) that 
Alice visited Mary.

Suppose Mallory isn't the CA and has no control over Mary; then Mallory 
perhaps has control (by whatever means) over the DNS server Alice is 
using. Now the CA Issuer URL of the AIA extension of the cert installed 
at Mary will point to a different IP instead of that of the CA. Now 
Mallory knows that Alice (and whoever else) visited Mary. But wait, he 
can do the same with the CRL DP and OCSP URLs. The CA Issuer URL doesn't 
introduce anything new here.

However in all those cases, the connection to the secured site of Mary 
may not succeed because

- the issuer certificate doesn't validate to a trusted root
- the CRL isn't valid
- the OCSP response is certainly not valid

Now Alice might realize that maybe something isn't quite right. However, 
in any of the cases above there is no vulnerability - there might be a 
problem in case the DNS is poisoned and Alice unwillingly reveals that 
she tried to visit Mary. There is a big difference!

Now the impact of that scenario is by far, far smaller than some want us 
to believe. In any case, the CA Issuer URL and the fetching of the 
certificate don't introduce ANYTHING new - otherwise get rid of CRL and 
OCSP checking as well. It's the same attack vector.


-- 
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
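The scenario argued above, as an added example that is not part of the original thread and is not code from StartCom or Mozilla. It uses only the Go standard library and a constructed PKI: a trusted root, a real issuing CA, Mary's leaf certificate carrying the three fetch URLs (the hostnames aia.ca.example, ocsp.ca.example and crl.ca.example are hypothetical), and a look-alike "issuer" that Mallory could serve from a DNS-redirected caIssuers URL. FetchHosts lists every hostname a validating client resolves because of the certificate alone, which is what a DNS-controlling Mallory gets to see, and VerifyWithFetchedIssuer shows the check a client still performs on whatever the AIA fetch returned: the substitute issuer does not chain to the trusted root and validation fails.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Hypothetical URLs carried in Mary's certificate; Alice's resolver is asked for these hostnames.
const (
	aiaURL  = "http://aia.ca.example/intermediate.cer" // AIA caIssuers
	ocspURL = "http://ocsp.ca.example"                 // AIA OCSP
	crlURL  = "http://crl.ca.example/ca.crl"           // CRL distribution point
)

// Scenario: Alice trusts Root; Mary's Leaf is issued by Intermediate (what the caIssuers URL
// should serve); MalloryIntermediate is what an attacker who redirected that URL via DNS serves.
type Scenario struct {
	Root, Intermediate, Leaf, MalloryIntermediate *x509.Certificate
}

func template(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
}

func caTemplate(serial int64, cn string) *x509.Certificate {
	t := template(serial, cn)
	t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	return t
}

// issue generates a fresh key for tmpl and signs it with parentKey (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c, key
}

// BuildScenario constructs the whole (hypothetical) PKI in memory.
func BuildScenario() Scenario {
	root, rootKey := issue(caTemplate(1, "Trusted Root CA"), nil, nil)
	inter, intKey := issue(caTemplate(2, "Issuing CA"), root, rootKey)
	// Same subject name as the real issuing CA, but Mallory's key and no path to Alice's root.
	mal, _ := issue(caTemplate(3, "Issuing CA"), nil, nil)
	leafT := template(4, "mary.example")
	leafT.DNSNames = []string{"mary.example"}
	leafT.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	leafT.IssuingCertificateURL = []string{aiaURL}
	leafT.OCSPServer = []string{ocspURL}
	leafT.CRLDistributionPoints = []string{crlURL}
	leaf, _ := issue(leafT, inter, intKey)
	return Scenario{Root: root, Intermediate: inter, Leaf: leaf, MalloryIntermediate: mal}
}

// FetchHosts lists every hostname a validating client may resolve because of the certificate
// alone (AIA caIssuers, OCSP, CRL DP). Whoever answers DNS for any of them learns the visit.
func FetchHosts(c *x509.Certificate) []string {
	var hosts []string
	for _, raw := range append(append(append([]string{}, c.IssuingCertificateURL...), c.OCSPServer...), c.CRLDistributionPoints...) {
		if u, err := url.Parse(raw); err == nil && u.Hostname() != "" {
			hosts = append(hosts, u.Hostname())
		}
	}
	return hosts
}

// VerifyWithFetchedIssuer chains leaf through whatever the caIssuers fetch returned to Alice's
// trust store. A substitute issuer served by Mallory does not chain to the root and is rejected.
func VerifyWithFetchedIssuer(leaf, fetched, root *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(fetched)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: "mary.example", Roots: roots, Intermediates: inters})
	return err
}

func main() {
	s := BuildScenario()
	fmt.Println("hosts resolved during validation:", FetchHosts(s.Leaf))
	fmt.Println("genuine issuer via AIA:", VerifyWithFetchedIssuer(s.Leaf, s.Intermediate, s.Root))
	fmt.Println("Mallory's issuer via AIA:", VerifyWithFetchedIssuer(s.Leaf, s.MalloryIntermediate, s.Root))
}
```

Note that FetchHosts treats the three extensions identically: a client that fetches the CRL or queries OCSP already resolves a CA-chosen hostname, and caIssuers adds one more of the same kind. The verification step is the other half of the argument: redirecting the fetch reveals the visit, but the substituted issuer still has to chain to a root Alice trusts, which Mallory's does not.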
