Bug 406655 - Use eTLD service to limit scope of user-overridden certs
Status: RESOLVED INVALID (Closed)
Opened 17 years ago; closed 17 years ago
Product / Component: Core :: Security, defect
Reporter: Dolske; Assigned: dveditz
We allow the user to override the browser and force it to accept invalid certificates. One issue that's been raised is that a malicious cert might have wildcards higher than it should (e.g. *.com, *.co.uk, etc), and if the user is tricked into accepting it when visiting https://evilsite.co.uk, they could then be open to MITM attacks even when visiting https://goodsite.co.uk. A simple approach of blocking "*" and *.TLD (*.com, *.net, *.us, etc) would help, but fails for more complex cases (like a cert for "*.co.uk"). Using the eTLD service would allow blocking wildcards even in these cases... AFAIK there's no use case for such a certificate? I think another bug sought to limit the scope of the overridden certificates to the original site where it was accepted, so maybe this isn't an issue now.
Comment 1•17 years ago
(I'm not sure if the wildcard issue is already public or not, so I filed this as security sensitive. If it's already known, this one can be made public too.)
Comment 2•17 years ago
It's mentioned implicitly in bug #159483. And after bug #240261 was declared wontfix for 1.8.x (see bug #402347) I mentioned it in my bugtraq posting <http://nils.toedtmann.net/pub/subjectAltName.txt>. So it's known.
Comment 3•17 years ago
The code we added to support cert overrides already binds them to the specific site visited, so a cert with a trust override for https://evilsite.co.uk will only be trusted for https://evilsite.co.uk, even if it claims to apply to the whole internet. Indeed, it will actually only be saved for evilsite.co.uk:port. If a user manually imports a cert from disk which makes broad claims about its legitimacy, we trust it and accept greedy wildcards, but as Nils mentions, this is covered by existing bugs.
Group: security
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID