StartTLS and referral
Has anyone thought much about the security considerations
of allowing StartTLS to return a referral? There is no
discussion in RFC2830 that discusses how an attacker,
by injecting a StartTLS response into the stream,
could redirect the client to a server of its choosing
(with a certificate of its choosing).
Given that many clients auto chase referrals... and
auto-verify certificates, the client might even not notice
that it re-connected to a rogue server with a verifiable
certificate. That is, verifiable with the host name of
the rogue server name. I don't think it would make sense
operationally to require the client to verify using the
host name of the original server, but it might make sense
security-wise.
Same, I guess, applies to Bind operations... or
initial discovery of security features.
Anyways, food for thought.
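
An added illustration, not part of the original message and not taken from RFC 2830: a client-side policy check that treats a referral received before TLS is established (as a StartTLS referral is) as unauthenticated, and declines to chase it to a different host automatically. The function names, the `pinned_hosts` parameter and the example host names are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def referral_target(referral_url):
    """Return (scheme, host, port) for an LDAP referral URL, or raise ValueError."""
    parts = urlsplit(referral_url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an LDAP URL with a host: %r" % referral_url)
    # parts.port itself raises ValueError on a malformed port
    return scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme]

def should_chase(original_host, referral_url, tls_established,
                 pinned_hosts=frozenset()):
    """Decide whether to follow a referral automatically.

    tls_established: True only if the response carrying the referral arrived
    inside a TLS session whose certificate was verified against original_host.
    A referral in a StartTLS response always arrives with this False.
    pinned_hosts: hypothetical set of host names from local configuration.
    Returns (decision, reason).
    """
    try:
        _, host, _ = referral_target(referral_url)
    except ValueError:
        return False, "malformed or non-LDAP referral"
    if host == original_host.lower():
        # Certificate will still be checked against the name the user asked for.
        return True, "same host as originally requested"
    if host in pinned_hosts:
        return True, "host named in local configuration"
    if not tls_established:
        # Anyone on the path could have injected this response, so a valid
        # certificate for the new host proves nothing about the original server.
        return False, "unauthenticated referral to a different host"
    return True, "referral issued by an authenticated server"

if __name__ == "__main__":
    # Constructed sample input: a StartTLS response redirecting elsewhere.
    print(should_chase("ldap.example.com",
                       "ldap://rogue.example.net/dc=example,dc=com",
                       tls_established=False))
```

The same check applies to referrals returned on a Bind or during initial feature discovery whenever they arrive before the channel is protected.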