Bugtraq mailing list archives

Re: BIND bugs of the month (spoofing secure Web sites?)


From: djb () CR YP TO (D. J. Bernstein)
Date: Mon, 15 Nov 1999 01:43:46 -0000


Gary Gaskell says that an attacker shouldn't be able to get a
certificate for ``HugeBank Secure Banking.''

Why not? Do you think that the only HugeBank in the world is the one
that you have an account with? What if you're trying to communicate
securely with ``Joe's Auto Parts,'' or (to take a famous example from
Bell Labs) ``Stephen R. Bourne''? Names are not unique.

Even if there is only one HugeBank, do you seriously expect VeriSign to
set aside ``HugeBank Secure Banking,'' and ``Secure Banking HugeBank,''
and ``Secure Banking, an affiliate of HugeBank,'' and ``Huge Bank Secure
Banking,'' and ``HugeBahk Secure Banking''?

Jay Tribick comments that certificates are attached to domain names.
This is accounted for in my example. You have a secure connection to
hugebank.secure-banking.dom.

Hugo van der Kooij says that users should notice the redirection from
hugebank.com to hugebank.secure-banking.dom, and ``get on the phone to
inform the bank they have something odd going on.'' Does he also panic
when he is redirected from bn.com to barnesandnoble.com?

What if someone acquires barnesandnoble2.com, and redirects bn.com
there? Is that really Barnes & Noble, or is it an attacker exploiting
BIND's latest bugs? Is Hugo going to call Barnes & Noble to find out?
Gee, I feel so much more secure now.

The bottom line is that this attack works. When you walked into your
HugeBank branch, and walked out with a Guaranteed Secure HugeBank.Com
brochure, you were not given enough information to tell the difference
between HugeBank's web server and an attacker's web server. All you were
given was a domain name and a whole lot of hype.

---Dan

