Two Dumb Questions
des at des.no
Tue Sep 27 00:11:47 UTC 2016
"Ronald F. Guilmette" <rfg at tristatelogic.com> writes:
> If you are the man in the middle, and if the target/victim asks for
> the certificate for some spoofed site `X', can't you just give him
> back something which is valid for the spoofed site, you know, since
> you are in the middle completely anyway?
The client should not trust the certificate it gets from the server
unless it can be traced back to a certificate in the client's trust
store. For instance, if the server has a certificate signed by
StartCom, it will transmit its own certificate as well as a copy of
StartCom's intermediate certificate (which was used to sign the server
certificate), which in turn was signed with StartCom's root certificate,
which is in the trust store.
> And also, I read something recently about how some guy was surprised
> to find that... due to some temporary cock-up by one CA... he could
> get a certificate for foo.bar.tld but he later found that he could
> use that also for the superdomain of that, bar.tld. That was a
> minor but significant screw up by the CA which was later corrected,
> but it does give one reason to wonder about other possible scenarios.
This rings a bell, but all I can think of at the moment is the claim
earlier this year that StartSSL (StartCom's CA service) could be tricked
into issuing certificates for any domain to anyone, which turned out to
be false. Also, StartSSL used to automatically add example.com as an
alternate name when you ordered a certificate for foo.example.com (which
you could only do after proving that you owned example.com), but they
stopped doing that.
> For example, could a MiM perhaps get a cert for wwww.foo.tld (four w's)
> and then, if that same MiM is able to send the victom spoofed DNS
> responses, when asked for DNS of www.foo.tld, couldn't he/she just
> sent back a CNAME which equates www.foo.tld to wwww.foo.tld and then
> also run a web server that makes wwww.foo.tld look like the real thing?
I find your scenario confusing, but if I understand you correctly, no.
Browsers don't know or care about CNAMEs. They will try to match the
certificate's distinguished name against the server name that was in the
URL. In your scenario, the victim's browser will expect a certificate
for www.foo.tld and will balk when presented with a certificate for
> So again, my question is: Given that I have these three certs, is there
> any way that I can leverage those into some information... i.e. *any*
> information... about the party or parties to whom those cets were issued?
You could try to contact the certificate authority that issued the
certificate and ask, but I doubt they'd answer (if they even know), and
in Let's Encrypt's case, there isn't anyone you can ask.
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security