[NCAP-Discuss] [Ext] Re: Draft final Study 1 report

Danny McPherson danny at tcb.net
Wed Apr 29 20:31:32 UTC 2020


On 2020-04-29 16:11, Rubens Kuhl wrote:
> Anne,
> 
> Most of what you posted is more of the same and I'll just refer people
> to my previous comments on them, available on both list archives. On
> the man in the middle issue, this was already identified by SAC 057,
> and had its most prominent threat vector mitigated by measures by both
> the ICANN collision framework and CA/B Forum guidelines that now don't
> allow certificates for non-delegated TLDs. Other than that specific
> threat vector, commonplace security measures in Internet applications
> already handle man in the middle threats, regardless of being
> collision-related or not.

SAC057 certainly helped some in the case of webPKI, but it has little to 
nothing to do with the entire class of attack vectors that are enabled 
via service discovery protocols.

Further, that all assumes you think webPKI, where you're only as secure 
as the least secure certification authority in your application's 
truststore, is, err... secure.


-danny

