[openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

Jakob Bohm jb-openssl at wisemo.com
Tue Dec 11 07:35:04 UTC 2018


On 10/12/2018 14:41, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>> Of Michael Ströder
>> Sent: Saturday, December 08, 2018 06:59
>>
>> On 12/7/18 11:44 PM, Michael Wojcik wrote:
>>> Homograph attacks combined with phishing would be much cheaper and
>>> easier. Get a DV certificate from Let's Encrypt for anazom.com or
>>> amazom.com, or any of the Unicode homograph possibilities.
>>> Part of the point of EV certificates was supposed to be making the
>>> difference in trust visible to end users.
>> And how do you avoid such a homograph attack on subject DN attribute "O"
>> (organization's name) when displaying the holy EV green sign?
>>
>> => EV certs also don't help in this case.
>>
>> Also in case of amazon.com most users know the pure domain name but not
>> the *exact* company name, not to speak of the multitude of names of all
>> the subsidiaries.
> Oh, I agree (at least on the latter point - I'm not sure how concerned I am about homograph attacks on the subject DN, since the common UAs are verifying subjAltName values and ignoring the DN). That's why I wrote "was *supposed* to be". I don't think EV certificates accomplished this goal.
>
> I've never felt EV certificates were very useful, and they got progressively worse over time. Remember back in July when Entrust's Chris Baily put language on the CA/BF ballot (Ballot 255, specifically, if anyone wants to look it up) to restrict EV certificates to entities that had been incorporated for at least 18 months? That's the kind of terrible thinking that the EV process produced.
>
> The Stripe certificate fiasco that led to Baily's proposal is another example of why EV certificates Just Don't Work. The idea of having different certificates at different trust levels might be salvageable, but the EV implementation put the burden of evaluating those trust levels on the user (because user agents just passed it on to them), and the vast majority of users aren't in any position to do that. Nor were they in any position to determine how those trust levels ought to affect their threat model (that was the hole exploited by the Stripe attack). A site with a legitimate EV certificate might still misrepresent itself, perform hostile actions, or be vulnerable to attack (or already subverted) - EV says nothing about those risks.
The Stripe certificate fiasco relied heavily on browsers not displaying
the EV certificate fields (specifically Jurisdiction of incorporation)
correctly along with the name, as clearly spelled out in the EV
specification.

That Jurisdiction field along with the uniqueness checks done by the
authorities of the jurisdiction is what is supposed to prevent
homographs in the O field.  For example, using Cyrillic letters in a
de jure company name is unlikely to be allowed outside the Cyrillic
using jurisdictions (former USSR, Serbia, maybe Bosnia and Montenegro).
If displayed, users should readily notice the wrong country in the
green bar.


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
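The two checks the thread describes, a script-consistency check on the EV subject's O field against the jurisdiction of incorporation, and detection of Unicode homographs of a domain label, as an added example that is not part of this thread or of OpenSSL. It works on already-parsed strings (whatever X.509 parser you use supplies the O and jurisdictionCountryName values); the jurisdiction set and the confusable table are small constructed assumptions, not authoritative data, and the sample names are constructed for the demonstration.

```python
import unicodedata

# Assumption: jurisdictions where a Cyrillic-script de jure company name is plausible.
# Constructed from the examples in the post; not an authoritative list.
CYRILLIC_JURISDICTIONS = {"RU", "BY", "UA", "KZ", "KG", "TJ", "RS", "BG", "MK", "BA", "ME", "MN"}

# Coarse script labels derived from Unicode character names; enough for the
# Latin/Cyrillic/Greek confusables the thread is concerned with.
SCRIPT_PREFIXES = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC")

# Assumption: a tiny table of Cyrillic letters that render like Latin ones.
# Real deployments should use the Unicode confusables.txt data instead.
CYRILLIC_TO_LATIN_CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P", "\u0421": "C",
    "\u0425": "X", "\u0423": "Y", "\u0406": "I", "\u0408": "J", "\u0405": "S",
}


def script_of(ch):
    """Return a coarse script label for one character, 'COMMON' for digits,
    punctuation and whitespace, or 'UNKNOWN' for unnamed code points."""
    try:
        name = unicodedata.name(ch)
    except ValueError:
        return "UNKNOWN"
    for prefix in SCRIPT_PREFIXES:
        if name.startswith(prefix + " "):
            return prefix
    return "COMMON"


def scripts_in(text):
    """Set of letter scripts present in text, ignoring common characters."""
    return {script_of(c) for c in text} - {"COMMON"}


def is_mixed_script(text):
    """True when letters from more than one script are mixed in one string."""
    return len(scripts_in(text)) > 1


def check_ev_subject(org, jurisdiction_country):
    """Warnings for an EV subject's O / jurisdictionCountryName pair: mixed
    scripts in O, or Cyrillic letters in O outside a Cyrillic-using jurisdiction."""
    warnings = []
    scripts = scripts_in(org)
    if len(scripts) > 1:
        warnings.append("mixed scripts in O: %s" % sorted(scripts))
    if "CYRILLIC" in scripts and jurisdiction_country.upper() not in CYRILLIC_JURISDICTIONS:
        warnings.append("Cyrillic letters in O but jurisdiction is %s" % jurisdiction_country)
    return warnings


def confusable_skeleton(text):
    """Map known Cyrillic lookalikes to their Latin counterparts so that two
    visually identical labels compare equal."""
    return "".join(CYRILLIC_TO_LATIN_CONFUSABLES.get(c, c) for c in text)


def is_homograph_of(candidate, expected):
    """True when candidate differs from expected only by confusable letters.
    Plain typosquats (anazom vs amazon) are a different problem and return False."""
    return candidate != expected and confusable_skeleton(candidate) == confusable_skeleton(expected)


if __name__ == "__main__":
    # Constructed samples: the second has a Cyrillic small a in place of the Latin one.
    print(check_ev_subject("Amazon.com, Inc.", "US"))
    print(check_ev_subject("Am\u0430zon.com, Inc.", "US"))
    print(is_homograph_of("am\u0430zon", "amazon"), is_homograph_of("amazom", "amazon"))
```

The jurisdiction check only makes sense when the user agent actually carries jurisdictionCountryName through to whatever is displayed or logged; as the post notes, a browser that shows O alone has already discarded the field that would have exposed the mismatch.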