[cabfpub] [cabfman] Deceptive SSL cert issued for fake Chase domain
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Sep 10 19:39:16 UTC 2013
On 09/10/2013 08:13 PM, From Jeremy Rowley:
>
> I know we’ve performed similar (non-malicious) experiments with DV
> certs to see how easy it would be to phish a banking domain. It’s
> pretty easy. I think this is a good launching point to discuss how we
> can improve the BRs in a manner that prevents these types of phishing
> attacks.
>
In this respect I have a hot topic I'm supposed to check with the CAB
Forum, so this comes in conveniently....
From time to time we get requests for certificates that contain
possible domains within the host name, for example:

    domain.com.dom.net

Now we have made an effort to disallow this practice as much as possible
recently because it could be easily abused:

    paypal.com.dom.net

Or to make it more obvious:

    https://www.paypal.com.some.net/us/cgi-bin/webscr?cmd=_flow&SESSION=KKIncv649JDbg
As it happens, some CAs issue such potentially confusing certificates
and we ourselves get requests for them every now and then. In particular also
from companies that provide or want proxy services, and in order to mask
the names as much as possible it looks something like this (this is from
a real request):

    *.sharepoint.com.some.com
    *.microsoftonline.com.some.com
    *.outlook.com.shamir.adallom.com
    *.office365.com.some.com
Which again could easily confuse a relying party which might or might
not know about the MITM going on.
I would like to know what the stance of the membership here is on this
topic, in particular software vendors, and if there is room to clarify
this via regulation by the BR. Otherwise there is probably no point in
punishing our clients when they or others can get it easily elsewhere.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
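The names Eddy describes (a well-known registrable domain such as paypal.com or outlook.com sitting as interior labels of a hostname under someone else's domain) are mechanically detectable at CSR-screening time. The following is an added example, not code from StartCom or the CA/Browser Forum, of how a CA's pre-issuance check might flag them: it strips any leading wildcard label, works out the requested name's own registrable domain, then looks at every proper label prefix to see whether it forms a registrable domain belonging to a different suffix+label pair. The tiny PUBLIC_SUFFIXES set is a constructed stand-in; a real deployment would load the full Public Suffix List, and the sample names below are the ones quoted in the message.

```python
"""Flag SAN dNSNames that embed another registrable domain as interior labels.

Added example for screening certificate requests; the suffix table is a
constructed stand-in for the full Public Suffix List (assumption).
"""
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed, deliberately tiny public-suffix table keyed by label tuples.
# Multi-label suffixes (co.uk) are matched before their shorter parent (uk).
PUBLIC_SUFFIXES = {("com",), ("net",), ("org",), ("co", "uk"), ("uk",)}


def registrable_domain(labels: Sequence[str]) -> Optional[Tuple[str, ...]]:
    """Return suffix plus one label (e.g. ("paypal", "com")) or None if no
    public suffix matches or the name is a bare suffix."""
    labels = tuple(labels)
    # Try the longest candidate suffix first so co.uk beats uk.
    for n in range(len(labels) - 1, 0, -1):
        if labels[-n:] in PUBLIC_SUFFIXES:
            return labels[-(n + 1):]
    return None


def embedded_domains(name: str) -> List[str]:
    """Return registrable domains that appear at interior label positions of
    `name` and differ from the name's own registrable domain.

    'paypal.com.some.net' -> ['paypal.com'];  'www.paypal.com' -> [].
    A leading wildcard label is ignored, as it covers arbitrary prefixes.
    """
    labels = name.lower().rstrip(".").split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]
    own = registrable_domain(labels)
    found: List[Tuple[str, ...]] = []
    # Every proper prefix of the label list, left to right, excluding the
    # full name itself: for paypal.com.some.net that is [paypal],
    # [paypal, com] and [paypal, com, some].
    for end in range(1, len(labels)):
        rd = registrable_domain(labels[:end])
        if rd is not None and rd != own and rd not in found:
            found.append(rd)
    return [".".join(rd) for rd in found]


def screen_request(names: Sequence[str]) -> Dict[str, List[str]]:
    """Map each requested name that embeds a foreign registrable domain to
    the domains it embeds; names that pass are omitted."""
    report: Dict[str, List[str]] = {}
    for name in names:
        hits = embedded_domains(name)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    # Sample SANs: the ones quoted in the message plus two clean controls.
    requested = [
        "domain.com.dom.net",
        "*.sharepoint.com.some.com",
        "*.outlook.com.shamir.adallom.com",
        "www.paypal.com",
        "mail.example.co.uk",
    ]
    for name, hits in screen_request(requested).items():
        print(f"REVIEW {name}: embeds {', '.join(hits)}")
```

The check deliberately does not flag `paypal.com.paypal.com`, where the interior domain equals the name's own registrable domain, because the requester already controls it; everything else it reports is a name a human vetting agent should look at, which is exactly the decision the message asks whether the BRs should standardise.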