
26 Feb 2013, 6:12 p.m.
On Mon, 25 Feb 2013 19:07:20 -0600, Jimmy Hess said:
If the domain in a certificate were not interpreted as a FQDN by the client, this would mean that the certificate for CN=bigbank.example.com might be used to authenticate a connection to https://bigbank.example.com which, due to the local resolver search order, is in fact a DNS lookup of bigbank.example.com.intranet.example.com
Which might be captured by a Wildcard A record for *.com found in the intranet.example.com. zone and pointed to a server containing a phishing attack against bigbank.example.com; with a DNS cache poisoned by a false negative cache NXDOMAIN entry for bigbank.example.com.
I am *sooo* tempted to say "I recommend my competitors do DNS lookups this way" :)
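
An added illustration, not part of the original thread: a toy, offline model of resolv.conf-style search-list expansion that walks through the scenario in the quoted message. The function names, addresses and simplified wildcard matching are assumptions, and every record is constructed.

```python
# Constructed sample data: a toy model of a stub resolver, no network access.
NXDOMAIN = None

def candidates(name, search, ndots=1):
    """Order in which a resolv.conf-style stub resolver tries names."""
    if name.endswith("."):            # absolute name: search list never applies
        return [name]
    suffixed = [f"{name}.{s.rstrip('.')}." for s in search]
    absolute = name + "."
    # At or above the ndots threshold, the name is tried as-is first.
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]

def lookup(qname, records, negative_cache):
    """Answer from constructed records; simplified '*' wildcard matching."""
    if qname in negative_cache:       # a cached NXDOMAIN hides the real record
        return NXDOMAIN
    if qname in records:
        return records[qname]
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in records:
            return records[wildcard]
    return NXDOMAIN

def resolve(name, search, records, negative_cache, ndots=1):
    """Return (name that actually answered, address) or (None, None)."""
    for qname in candidates(name, search, ndots):
        addr = lookup(qname, records, negative_cache)
        if addr is not NXDOMAIN:
            return qname, addr
    return None, None

RECORDS = {
    "bigbank.example.com.": "192.0.2.10",            # the real site
    "*.com.intranet.example.com.": "198.51.100.66",  # wildcard in intranet zone
}
SEARCH = ["intranet.example.com"]
POISONED = {"bigbank.example.com."}                  # false NXDOMAIN in cache

if __name__ == "__main__":
    for name in ("bigbank.example.com", "bigbank.example.com."):
        print(name, "->", resolve(name, SEARCH, RECORDS, POISONED))
```

With the trailing dot the lookup fails closed instead of falling through to the search list, so the name that answers is always the name the certificate is checked against.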