Message189354
I would like to know what is the expected scenario:
- does the attacker only control the certificate?
- or does the attacker control both the certificate and the hostname being validated?
The reason is that the matching cost for a domain name fragment seems to be O(n**k), where n is the fragment length and k is the number of wildcards. Therefore, if the attacker controls both n and k, even limiting k to 2 already allows a quadratic complexity attack. |
|
Date |
User |
Action |
Args |
2013-05-16 10:56:39 | pitrou | set | recipients:
+ pitrou, iankko, fweimer |
2013-05-16 10:56:39 | pitrou | set | messageid: <1368701799.41.0.969214493064.issue17980@psf.upfronthosting.co.za> |
2013-05-16 10:56:39 | pitrou | link | issue17980 messages |
2013-05-16 10:56:39 | pitrou | create | |
|