From: Dag-Erling Smørgrav
To: "Ronald F. Guilmette"
Cc: freebsd-security@freebsd.org
Subject: Re: Two Dumb Questions
Date: Tue, 27 Sep 2016 02:11:40 +0200
Message-ID: <86inti8amb.fsf@desk.des.no>

"Ronald F. Guilmette" writes:

> If you are the man in the middle, and if the target/victim asks for
> the certificate for some spoofed site `X', can't you just give him
> back something which is valid for the spoofed site, you know, since
> you are in the middle completely anyway?

The client should not trust the certificate it gets from the server
unless it can be traced back to a certificate in the client's trust
store.  For instance, if the server has a certificate signed by
StartCom, it will transmit its own certificate as well as a copy of
StartCom's intermediate certificate (which was used to sign the server
certificate), which in turn was signed with StartCom's root certificate,
which is in the trust store.

> And also, I read something recently about how some guy was surprised
> to find that... due to some temporary cock-up by one CA... he could
> get a certificate for foo.bar.tld but he later found that he could
> use that also for the superdomain of that, bar.tld.  That was a
> minor but significant screw up by the CA which was later corrected,
> but it does give one reason to wonder about other possible scenarios.

This rings a bell, but all I can think of at the moment is the claim
earlier this year that StartSSL (StartCom's CA service) could be tricked
into issuing certificates for any domain to anyone, which turned out to
be false.  Also, StartSSL used to automatically add example.com as an
alternate name when you ordered a certificate for foo.example.com (which
you could only do after proving that you owned example.com), but they
stopped doing that.

> For example, could a MiM perhaps get a cert for wwww.foo.tld (four w's)
> and then, if that same MiM is able to send the victim spoofed DNS
> responses, when asked for DNS of www.foo.tld, couldn't he/she just
> send back a CNAME which equates www.foo.tld to wwww.foo.tld and then
> also run a web server that makes wwww.foo.tld look like the real thing?

I find your scenario confusing, but if I understand you correctly, no.
Browsers don't know or care about CNAMEs.  They will try to match the
certificate's distinguished name against the server name that was in the
URL.
In your scenario, the victim's browser will expect a certificate for
www.foo.tld and will balk when presented with a certificate for
wwww.foo.tld.

> So again, my question is: Given that I have these three certs, is there
> any way that I can leverage those into some information... i.e. *any*
> information... about the party or parties to whom those certs were issued?

You could try to contact the certificate authority that issued the
certificate and ask, but I doubt they'd answer (if they even know), and
in Let's Encrypt's case, there isn't anyone you can ask.

DES
-- 
Dag-Erling Smørgrav - des@des.no
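
The name check discussed in the message above, as an added example that is not part of the original message and not any browser's code: a simplified RFC 6125-style matcher showing that the name taken from the URL, not a CNAME target, is what gets compared with the names in the certificate. The function names, the `SPOOFED_CNAME` table and all host names are constructed for illustration.

```python
# Simplified RFC 6125-style reference-identity check (added example).
# All host names and the CNAME table below are constructed sample data.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """True if one certificate name (possibly '*.x.tld') covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False  # a wildcard never spans several labels or none
    if p[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only
        # when at least two fixed labels follow it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_valid_for(cert_names, url_host):
    """Compare every name in the certificate with the host from the URL."""
    return any(name_matches(n, url_host) for n in cert_names)

# Constructed DNS answer from a spoofing resolver: www -> wwww (four w's).
SPOOFED_CNAME = {"www.foo.tld": "wwww.foo.tld"}

def connect(url_host, server_cert_names):
    """Model of a TLS client: DNS decides where to connect, never what
    name the certificate must carry."""
    _canonical = SPOOFED_CNAME.get(url_host, url_host)  # routing only
    return cert_valid_for(server_cert_names, url_host)

if __name__ == "__main__":
    # Victim typed www.foo.tld; the server presents a cert for wwww.foo.tld.
    print("spoofed CNAME accepted:", connect("www.foo.tld", ["wwww.foo.tld"]))
    # A cert for foo.bar.tld alone does not cover the parent bar.tld.
    print("parent domain covered:", cert_valid_for(["foo.bar.tld"], "bar.tld"))
    # It does once the CA adds the parent as an alternate name.
    print("with alternate name:",
          cert_valid_for(["foo.example.com", "example.com"], "example.com"))
```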