On 20/2/09 20:07, Nelson B Bolyard wrote:
Benjamin Smedberg wrote, On 2009-02-20 10:28:
Homomorphic characters aren't a problem for wildcard matching. They're a
problem for users' eyeballs. The attack that was demonstrated could have
been done without wildcards. Changing the wildcard matching rules would
not eliminate this attack (in the general case).
I don't see how the attack could have been done without wildcards. CA
guidelines
Which (whose) guidelines? Are you referring to RFC 5280 section 7, or
to some other guidelines?
Mozilla's CA cert policy doesn't even mention this subject.
say that certificates should not be issued with homographic
characters that might cause confusion, and as far as we know these
guidelines are being followed.
By all CAs? That would be surprisingly delightful, if true.
When I consider the problems we've recently seen with fundamental issues
like properly verifying the identity of the certified subject, I'd be
surprised if something as esoteric as IDN is handled correctly by all CAs.
I agree with Nelson's comments. I'd even go further and say it is not
likely that a CA can reliably identify an IDN or even an ordinary domain
that is "sensitive" before the event.
CAs are not "global branding police" and do not have the wherewithall to
become such. Consider two countries with different languages and little
common cultural connection ... say Peru and Iraq. How is the Iraqi CA
going to spot that an iraqi just purchased a domain that looks like
Peru's biggest bank? (IDNs and wildcards are just distractors in this
question, they make the problem worse, but don't change it fundamentally
that I can see.)
It *might* be ok if we were just talking about one country's market and
everyone knows the names of all banks ... but that's not true in USA
where the banks number in the many thousands, and that's where the hot
threat scenario is.
(I do not see a solution for this possible at the guidelines / CA /
Mozilla policy level, included EV, but please correct me if I'm wrong...)
The attack here takes place entirely within the wildcard portion of the
domain because that's the portion the CA can't verify when they issue the
certificate.
A wildcard cert enabled numerous different sites to be spoofed with a
single cert for this demo. But I'd be surprised to learn that there are
NO CAs out there who are willing to issue certs with seemingly verifiable
non-wildcard IDN domain names.
How would they do it?
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
