Re: [authmeth] secure derivations of server hostname
At 01:43 PM 6/30/2003, Michael Ströder wrote:
>I see some risks when relaxing the host name check.

There are certainly risks in use of derived names. But, I think, the
risks are not so severe as to warrant the absolute prohibition of their
use. DNSSEC can be used to derive a name in secure fashion. Even
DNS can be used in a secure fashion (e.g., with user confirmation).

And with regard to mappings of "localhost" (or 127.0.0.1 or ::1), I
view the security considerations to be a local matter (that is, it may
be secure in some environments, not in others).

This text:

    "The client MUST use the server hostname it used to open the
    LDAP connection as the value to compare against the server name as
    expressed in the server's certificate. The client MUST NOT use any
    other derived form of name including the server's canonical DNS name."

is problematic for a couple of reasons.

First, it says "the server hostname it used to open the LDAP connection"
instead of "the server hostname provided by the user (or application
entity or other trusted entity)".

Second, derivation is fine if the result is confirmed by the user.

So, I'm thinking this should be reworded.

    The client MUST use the server hostname provided by the user (or other
    trusted entity) as the value to compare against the server name as
    expressed in the server's certificate. A hostname derived from the user
    input is to be considered provided by the user only if derived in a
    secure fashion (e.g., DNSSEC) or confirmed by the user.

Kurt
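
The reworded rule above, as an added Python example that is not part of the original message or of any LDAP implementation: it builds the set of names a client may compare against the server's certificate and shows a derived name being admitted only when it was derived securely or confirmed by the user. `Derived`, `reference_names`, `cert_acceptable` and all hostnames are hypothetical, and certificate names are compared by exact match only (no wildcard handling).

```python
# Added example: hypothetical helper names, constructed hostnames.
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional


def _norm(name: str) -> str:
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower()


@dataclass(frozen=True)
class Derived:
    name: str     # name obtained from the user's input, e.g. a canonical DNS name
    secure: bool  # True only if the derivation was secure (e.g. DNSSEC-validated)


def reference_names(user_host: str,
                    derived: Optional[Derived] = None,
                    confirm: Optional[Callable[[str, str], bool]] = None) -> List[str]:
    """Names the client may compare against the server's certificate."""
    names = [_norm(user_host)]  # the user-provided name always counts
    if derived is not None:
        ok = derived.secure or (confirm is not None
                                and confirm(user_host, derived.name))
        if ok:
            names.append(_norm(derived.name))
    return names


def cert_acceptable(cert_dns_names: Iterable[str], allowed: List[str]) -> bool:
    # Exact-match comparison only; wildcard handling is omitted (assumption).
    return any(_norm(n) in allowed for n in cert_dns_names)


# Constructed scenario: the user typed USER_HOST; an unauthenticated DNS answer
# names a different canonical host, and the peer's certificate carries that name.
USER_HOST = "ldap.example.com"
SPOOFED = Derived("ldap.evil.example", secure=False)
VALIDATED = Derived("ldap1.example.com", secure=True)

if __name__ == "__main__":
    print(cert_acceptable(["ldap.evil.example"], reference_names(USER_HOST, SPOOFED)))
    print(cert_acceptable(["ldap1.example.com"], reference_names(USER_HOST, VALIDATED)))
```
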