Date: 15 Nov 1999 01:43:46 -0000
Message-ID: <19991115014346.20612.qmail@cr.yp.to>
From: "D. J. Bernstein"
To: bugtraq@securityfocus.com
Subject: Re: BIND bugs of the month (spoofing secure Web sites?)
References: <19991114052453.12962.qmail@cr.yp.to> <19991114223824.B74697@carrier1.net>

Gary Gaskell says that an attacker shouldn't be able to get a certificate for ``HugeBank Secure Banking.'' Why not?

Do you think that the only HugeBank in the world is the one that you have an account with? What if you're trying to communicate securely with ``Joe's Auto Parts,'' or (to take a famous example from Bell Labs) ``Stephen R. Bourne''? Names are not unique.

Even if there is only one HugeBank, do you seriously expect VeriSign to set aside ``HugeBank Secure Banking,'' and ``Secure Banking HugeBank,'' and ``Secure Banking, an affiliate of HugeBank,'' and ``Huge Bank Secure Banking,'' and ``HugeBahk Secure Banking''?

Jay Tribick comments that certificates are attached to domain names. This is accounted for in my example. You have a secure connection to hugebank.secure-banking.dom.

Hugo van der Kooij says that users should notice the redirection from hugebank.com to hugebank.secure-banking.dom, and ``get on the phone to inform the bank they have something odd going on.''

Does he also panic when he is redirected from bn.com to barnesandnoble.com? What if someone acquires barnesandnoble2.com, and redirects bn.com there? Is that really Barnes & Noble, or is it an attacker exploiting BIND's latest bugs? Is Hugo going to call Barnes & Noble to find out? Gee, I feel so much more secure now.

The bottom line is that this attack works. When you walked into your HugeBank branch, and walked out with a Guaranteed Secure HugeBank.Com brochure, you were not given enough information to tell the difference between HugeBank's web server and an attacker's web server. All you were given was a domain name and a whole lot of hype.

---Dan
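Added example, not part of the original message: a small audit of a redirect chain that reports what a valid certificate on the last hop actually proves about the name the user started with. The function name, the sample chains, and the assumption that the first request goes out over plain HTTP are constructed for illustration; only the host names come from the message.

```python
from urllib.parse import urlsplit

def audit_redirect_chain(chain):
    """chain[0] is the URL the user was given; each later entry is the
    target of a redirect issued by the previous one. Reports whether the
    certificate seen on the last hop is tied to the name the user intended."""
    hops = [urlsplit(u) for u in chain]
    intended = hops[0].hostname.lower()
    final = hops[-1].hostname.lower()
    final_is_tls = hops[-1].scheme == "https"

    # First hop answered without TLS: a spoofed DNS answer lets anyone
    # forge that response, so whatever host it names is unauthenticated.
    forgeable = next(
        (i for i, h in enumerate(hops[:-1]) if h.scheme != "https"), None)

    if final == intended:
        bound = final_is_tls          # certificate names the host asked for
    else:
        # A different final name is only vouched for if every handoff
        # came from a server that had itself been authenticated.
        bound = final_is_tls and forgeable is None

    return {
        "intended_host": intended,
        "certified_host": final if final_is_tls else None,
        "forgeable_hop": chain[forgeable] if forgeable is not None else None,
        "bound_to_intended_name": bound,
    }

# Constructed sample chains (assumption: first hop is plain HTTP).
SPOOFED = ["http://hugebank.com/", "https://hugebank.secure-banking.dom/"]
LEGIT = ["http://bn.com/", "https://barnesandnoble.com/"]
SAME_NAME = ["http://hugebank.com/", "https://hugebank.com/login"]
ALL_TLS = ["https://bn.com/", "https://barnesandnoble.com/"]

if __name__ == "__main__":
    for c in (SPOOFED, LEGIT, SAME_NAME, ALL_TLS):
        print(c, audit_redirect_chain(c))
```

The spoofed chain and the legitimate bn.com chain get the same verdict: in both, the certificate authenticates a name that was supplied over an unauthenticated hop, so nothing in the chain separates the two cases.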