Date: Tue, 27 Sep 2016 02:11:40 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Two Dumb Questions
Message-ID: <86inti8amb.fsf@desk.des.no>
In-Reply-To: <35148.1474923202@segfault.tristatelogic.com> (Ronald F. Guilmette's message of "Mon, 26 Sep 2016 13:53:22 -0700")
References: <35148.1474923202@segfault.tristatelogic.com>

"Ronald F. Guilmette" <rfg@tristatelogic.com> writes:
> If you are the man in the middle, and if the target/victim asks for
> the certificate for some spoofed site `X', can't you just give him
> back something which is valid for the spoofed site, you know, since
> you are in the middle completely anyway?

The client should not trust the certificate it gets from the server unless it can be traced back to a certificate in the client's trust store. For instance, if the server has a certificate signed by StartCom, it will transmit its own certificate as well as a copy of StartCom's intermediate certificate (which was used to sign the server certificate), which in turn was signed with StartCom's root certificate, which is in the trust store.

> And also, I read something recently about how some guy was surprised
> to find that... due to some temporary cock-up by one CA... he could
> get a certificate for foo.bar.tld but he later found that he could
> use that also for the superdomain of that, bar.tld. That was a
> minor but significant screw up by the CA which was later corrected,
> but it does give one reason to wonder about other possible scenarios.

This rings a bell, but all I can think of at the moment is the claim earlier this year that StartSSL (StartCom's CA service) could be tricked into issuing certificates for any domain to anyone, which turned out to be false. Also, StartSSL used to automatically add example.com as an alternate name when you ordered a certificate for foo.example.com (which you could only do after proving that you owned example.com), but they stopped doing that.

> For example, could a MiM perhaps get a cert for wwww.foo.tld (four w's)
> and then, if that same MiM is able to send the victim spoofed DNS
> responses, when asked for DNS of www.foo.tld, couldn't he/she just
> send back a CNAME which equates www.foo.tld to wwww.foo.tld and then
> also run a web server that makes wwww.foo.tld look like the real thing?

I find your scenario confusing, but if I understand you correctly, no. Browsers don't know or care about CNAMEs. They will try to match the certificate's distinguished name against the server name that was in the URL. In your scenario, the victim's browser will expect a certificate for www.foo.tld and will balk when presented with a certificate for wwww.foo.tld.

> So again, my question is: Given that I have these three certs, is there
> any way that I can leverage those into some information... i.e. *any*
> information... about the party or parties to whom those certs were issued?

You could try to contact the certificate authority that issued the certificate and ask, but I doubt they'd answer (if they even know), and in Let's Encrypt's case, there isn't anyone you can ask.

DES
--
Dag-Erling Smørgrav - des@des.no
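
The server-name check described in the reply above, as an added example that is not part of the original message: a simplified matcher showing that the client compares the certificate against the name from the URL and never against a CNAME target. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names are hypothetical, and matching on `subjectAltName` DNS entries with a left-most-label wildcard is an assumption of this sketch rather than a full RFC 6125 implementation.

```python
# Added example: simplified server-name check, not a full RFC 6125 implementation.
# All certificates below are constructed samples.

def _name_match(pattern, hostname):
    """Compare one DNS name presented in a certificate with the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard only as the whole left-most label, with at least two labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches(cert, url_hostname):
    """True if any DNS subjectAltName in cert covers the name taken from the URL."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_name_match(n, url_hostname) for n in names)


def client_accepts(url_hostname, cname_target, cert):
    """Model of the client's decision. cname_target is what (possibly spoofed)
    DNS said the name aliases to; it is deliberately ignored, because the check
    uses the name the user asked for, not what the resolver returned."""
    del cname_target
    return cert_matches(cert, url_hostname)


# Constructed sample certificates
CERT_WWWW = {"subjectAltName": (("DNS", "wwww.foo.tld"),)}
CERT_WWW = {"subjectAltName": (("DNS", "www.foo.tld"),)}
CERT_WITH_PARENT = {"subjectAltName": (("DNS", "foo.example.com"),
                                       ("DNS", "example.com"))}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    # Spoofed CNAME www.foo.tld -> wwww.foo.tld, attacker presents the wwww cert.
    print("spoofed CNAME accepted:", client_accepts("www.foo.tld", "wwww.foo.tld", CERT_WWWW))
    print("genuine cert accepted: ", client_accepts("www.foo.tld", None, CERT_WWW))
    print("parent name listed:    ", cert_matches(CERT_WITH_PARENT, "example.com"))
    print("wildcard covers parent:", cert_matches(CERT_WILDCARD, "example.com"))
```

A certificate is usable for the parent domain only when that name is explicitly listed, as in the former StartSSL behaviour the reply mentions; a wildcard for `*.example.com` does not cover `example.com` itself.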