Re: [TLS] AIA cert fetching seen as harmful
At Thu, 10 Apr 2008 18:28:54 -0700,
Nelson B Bolyard wrote:
>
> Eric Rescorla wrote, On 2008-04-10 18:08:
> > At Thu, 10 Apr 2008 17:45:06 -0700,
> > Nelson B Bolyard wrote:
> >> Mike wrote, On 2008-04-10 09:01:
> >>
> >>> This could be made safe with some help from PKIX (if X.509 doesn't
> >>> already support it -- I haven't read RFC 3280 or -bis in a while).
> >>> If root certificates listed constraints on what constitutes a valid
> >>> URL for retrieving issued certificates, then a server could scan
> >>> the combined list from each trusted root to determine if it is safe
> >>> to fetch a client certificate.
> >> Are you all aware of this paper, now making a stir?
> >>
> >> https://www.cynops.de/techzone/http_over_x509.html
> >
> > Yes, Martin cited this paper a few weeks ago.
> >
> >
> >> It claims that fetching CA certs from URLs found in AIA extensions in certs
> >> that have not yet been validated is a vulnerability. At least one browser
> >> organization known to me agrees.
> >
> > How does that organization feel about inline images in HTML pages?
>
> The problem isn't so much when browsers initiate fetches for certs from
> servers. The major concerns are:
> a) servers fetching URLs from unvetted client auth certs, and
> b) mail clients fetching certs to verify signatures in emails from strangers.
>
> Some email clients, in particular, are good at not fetching remote content
> from html emails, which confirms email addresses to spammers. AIA cert
> fetching weakens their ability to defend against such attempts to validate
> email addresses.
>
> Servers see themselves as similarly weakened.
>
> I'm receiving inquiries about whitelisting CA URLs for AIA fetching. :(
I assume these people are up in arms about DKIM, then?
-Ekr
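The whitelisting Nelson says he is being asked about amounts to a policy decision taken before any network request, because the request itself is what confirms an address or server to whoever controls the URL. The following is an added example of such a check, not code from this thread or from any browser, server or mail client discussed in it; the allowlisted hostnames and the candidate AIA URLs are constructed.

```python
"""Allowlist policy for AIA caIssuers URLs, applied before any fetch."""
from urllib.parse import urlsplit

# Constructed allowlist: CA repository hosts an operator has vetted in advance.
ALLOWED_CA_HOSTS = {"crt.example-ca.test", "aia.example-ca.test"}

# Constructed caIssuers URLs as they might appear in unvalidated certificates.
SAMPLE_AIA_URLS = [
    "http://crt.example-ca.test/intermediate.cer",          # on the allowlist
    "http://CRT.Example-CA.test./intermediate.cer",         # same host, odd spelling
    "http://crt.example-ca.test@attacker.test/x.cer",       # userinfo disguises the real host
    "http://tracker.attacker.test/u?id=alice%40example.test",  # fetch would confirm an address
    "https://crt.example-ca.test/x.cer",                    # scheme not accepted by this policy
    "http://crt.example-ca.test:8080/x.cer",                # non-default port refused
]


def aia_fetch_allowed(url, allowed_hosts=ALLOWED_CA_HOSTS):
    """Return True only if the policy permits fetching `url`.

    This policy accepts plain http only (RFC 5280 names http and ldap for
    caIssuers; ldap is refused here), rejects userinfo and non-default
    ports, and requires the hostname, compared case-insensitively with any
    trailing dot removed, to be on the allowlist.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "http":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if port is not None and port != 80:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return host in allowed_hosts


def filter_aia_urls(urls, allowed_hosts=ALLOWED_CA_HOSTS):
    """Split candidate URLs into those the policy permits and those it refuses."""
    permitted = [u for u in urls if aia_fetch_allowed(u, allowed_hosts)]
    refused = [u for u in urls if u not in permitted]
    return permitted, refused


if __name__ == "__main__":
    ok, bad = filter_aia_urls(SAMPLE_AIA_URLS)
    print("would fetch:", ok)
    print("would refuse:", bad)
```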