[cryptography] Chrome to drop CRL checking

Marsh Ray marsh at extendedsubset.com
Tue Feb 7 00:31:53 EST 2012


On 02/06/2012 09:00 PM, Jonathan Katz wrote:
>
> One question, though. Langley writes: "If the attacker is close to
> the server then online revocation checks can be effective, but an
> attacker close to the server can get certificates issued from many
> CAs and deploy different certificates as needed." Anyone follow this
>  line of reasoning?

Think of a small-to-medium business and secure website that only has
servers at a single datacenter. If you were their ISP at that datacenter
you could MitM all their traffic.

If you can pwn their email, you can go to any number of CAs and buy a DV
"domain validated" cert for their domain name.

The rules established by the CA/Browser Forum
http://www.cabforum.org/Baseline_Requirements_V1.pdf
say of the subjectAltName field:
> The CA MUST confirm that the Applicant controls the Fully-Qualified
> Domain Name or IP address or has been granted the right to use it by
> the Domain Name Registrant or IP address assignee, as appropriate.

So in theory a CA could issue a cert to some party on the basis that
they can change some DNS entries or web pages (as seen by the CA at the
time of registration) in the target domain.

I always kinda thought an attacker with that sort of network capability
was exactly the kind of thing SSL was supposed to protect against.

- Marsh



More information about the cryptography mailing list