
StartTLS and referral



Has anyone thought much about the security considerations
of allowing StartTLS to return a referral?  There is no
discussion in RFC2830 that discusses how an attacker,
by injecting a StartTLS response into the stream,
could redirect the client to a server of its choosing
(with a certificate of its choosing).

Given that many clients auto chase referrals... and
auto-verify certificates, the client might not even notice
that it re-connected to a rogue server with a verifiable
certificate.  That is, verifiable with the host name of
the rogue server.  I don't think it would make sense
operationally to require the client to verify using the
host name of the original server, but it might make sense
security-wise.

Same, I guess, applies to Bind operations... or
initial discovery of security features.

Anyways, food for thought.
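
The hostname-verification choice raised in this message, as an added example that is not part of the original post: a client-side policy that decides whether to chase a referral and which name the new server's certificate must match. The function name, the `pin_original` option and the host names are hypothetical and do not come from RFC 2830 or any LDAP library.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Decision:
    chase: bool
    connect_host: Optional[str]  # host to open the new connection to
    verify_host: Optional[str]   # name the server certificate must match
    reason: str


def referral_policy(original_host: str, referral_url: str,
                    channel_protected: bool,
                    pin_original: bool = False) -> Decision:
    """Hypothetical policy, not taken from RFC 2830 or any LDAP library.

    channel_protected is True only when the referral arrived inside a TLS
    session whose certificate was already verified against original_host.
    A referral carried in the StartTLS response itself is never protected.
    """
    parts = urlsplit(referral_url)
    target = parts.hostname  # lower-cased by urlsplit
    if parts.scheme not in ("ldap", "ldaps") or not target:
        return Decision(False, None, None, "not a usable LDAP URL")

    if channel_protected:
        # The original, authenticated server named the target.
        return Decision(True, target, target, "referral was integrity-protected")

    if target == original_host.lower():
        return Decision(True, target, target, "same host as originally requested")

    if pin_original:
        # Follow the referral but keep checking the certificate against the
        # name the user asked for, so a certificate issued for some other
        # host name does not satisfy the check.
        return Decision(True, target, original_host.lower(),
                        "unprotected referral, certificate pinned to original name")

    return Decision(False, None, None, "unprotected referral to a different host")


if __name__ == "__main__":  # constructed sample values
    for protected, pin in ((False, False), (False, True), (True, False)):
        print(referral_policy("ldap.example.com",
                              "ldap://other.example.net/dc=example,dc=com",
                              protected, pin))
```

With Python's `ssl` module, `verify_host` is the value that would be passed as `server_hostname` to `SSLContext.wrap_socket` after connecting to `connect_host`; that argument is also sent as SNI.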