Benjamin Smedberg wrote, On 2009-02-20 10:28: > On 2/20/09 12:11 PM, Nelson B Bolyard wrote: >> Benjamin Smedberg wrote, On 2009-02-19 07:39: >> >>> It sounds to me that we could and should fix this bug simply by disabling >>> punycode for the wildcard portion. >> I'm not sure what you're proposing here, Ben, or what effect you think >> it would have. > > I'm proposing that when Firefox displays the domain name of a site, it > should only use punycode display for the portion of the domain name which > actually appears in the certificate. So for a wildcard cert *.ijjk.cn, the > display would be > > xn--blahblahunreadablepunycode.ijjk.cn
Thanks for explaining that. You're proposing a change to the Firefox display, not to the actual wildcard matching rules. One implication of your proposal is that the code that would attempt to determine which part of the name matches a wildcard would need a way to fetch the particular DNS name string from the cert that was used in the match. That's quite feasible, but today, the function that does that name matching does not output the particular string against which it successfully matched. You would want a version of the function that could do that, I think. >> Homomorphic characters aren't a problem for wildcard matching. They're a >> problem for users' eyeballs. The attack that was demonstrated could have >> been done without wildcards. Changing the wildcard matching rules would >> not eliminate this attack (in the general case). > > I don't see how the attack could have been done without wildcards. CA > guidelines Which (whose) guidelines? Are you referring to RFC 5280 section 7, or to some other guidelines? Mozilla's CA cert policy doesn't even mention this subject. > say that certificates should not be issued with homographic > characters that might cause confusion, and as far as we know these > guidelines are being followed. By all CAs? That would be surprisingly delightful, if true. When I consider the problems we've recently seen with fundamental issues like properly verifying the identity of the certified subject, I'd be surprised if something as esoteric as IDN is handled correctly by all CAs. > The attack here takes place entirely within the wildcard portion of the > domain because that's the portion the CA can't verify when they issue the > certificate. A wildcard cert enabled numerous different sites to be spoofed with a single cert for this demo. But I'd be surprised to learn that there are NO CAs out there who are willing to issue certs with seemingly verifiable non-wildcard IDN domain names. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
