Rails - Mar 2007 - SSL cert - mydomain.com? or www.mydomain.com?

I''m getting my first SSL cert and have to specify whether the cert is
for https://mydomain.com or https://www.mydomain.com.  I''m guessing
there''s a signifant difference buried in that choice somewhere, but
have no idea what it is.  I''d sure like to avoid "painting myself
into a corner."  Can someone point me to something that would help me
understand the implications of the choice I make?

Thanks,
Bill
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Bill Walton said the following on 03/02/2007 12:16 AM:
> I''m getting my first SSL cert and have to specify whether the cert
is
> for https://mydomain.com or https://www.mydomain.com.  I''m
guessing
> there''s a signifant difference buried in that choice somewhere,
but have
> no idea what it is.  I''d sure like to avoid "painting myself
into a
> corner."  Can someone point me to something that would help me
> understand the implications of the choice I make?
You are correct to be concerned.
The lack of ability of X.509 to deal with ''aliases'' and to
interpret DNS and
other directory information is a known shortcoming and problem.

Most hosting services off the ability to alias the two URL forms - this is
easy with DNS.   From an end users point of view they are the same.
Browsers will convert "mydomain" into "mydomain.com" and
"www.myomain.com"
transparently for the user even if DNS does not do the aliasing.  But the
roots of X.509 are tied up with the ISO-RM which was rather antagonistic to
the IETF IP model.  Its addressing structure was "prescriptive" and if
not
actually authoritarian then highly paternalistic (aka ''we know
what''s good
for you and you should do it this way!''), so this user convenience did
not
exist.

You could, of course, bind to an IP address, but that limits you in other
ways :-(

So you are left with two solutions.

   a) but a cert for each "domain" and don''t do DNS aliasing
        but have, in effect, two sites that use the same database

   b) pick one as the ''real one and set up the DNS for the other
        to point to a page that redirects to the real one


While about it, write to the IETF and tell them that you''re annoyed
that
X.509 doesn''t support aliasing and throw your support behind the groups
that
are working to address this matter in future releases.

-- 
Man does not live by words alone, despite the fact that sometimes he has to
eat them.
    Adlai E. Stevenson Jr., quoted by Human Behavior, May 1978

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi Anton,

Anton Aylward wrote:
> Bill Walton said the following on 03/02/2007 12:16 AM:
>> I''m getting my first SSL cert and have to specify whether the
cert is
>> for https://mydomain.com or https://www.mydomain.com.
> You are correct to be concerned.
> The lack of ability of X.509 to deal with ''aliases'' and
to interpret
> DNS and other directory information is a known shortcoming
> and problem.
Sorry to be so dense.  Like I said... first-timer.  I may be missing other 
stuff too, but after thinking about it, my primary concern at this point is 
about my desire to put parts of my app under SSL and to leave other parts 
unsecured.

For example:
www.mydomain.com  - unsecured
www.mydomain.com/create  - all methods in the create controller under SSL

My understanding was that I could just put a before_filter on the 
controllers I want to have secured so that any request to, for example, 
http://www.mydomain.com/create/  would actually go to 
https://www.mydomain.com/create.

Is that right?  And if so, is one of the choices I''m being given (this
is on
a hosted VPS account with private IP) going to handle this better than the 
other?

Thanks very much for your help.

Best regards,
Bill 



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 3/2/07, Bill Walton
<bill.walton-xwVYE8SWAR3R7s880joybQ@public.gmane.org>
wrote:
>
> Sorry to be so dense.  Like I said... first-timer.  I may be missing other
> stuff too, but after thinking about it, my primary concern at this point is
> about my desire to put parts of my app under SSL and to leave other parts
> unsecured.
>
> For example:
> www.mydomain.com  - unsecured
> www.mydomain.com/create  - all methods in the create controller under SSL
>
> My understanding was that I could just put a before_filter on the
> controllers I want to have secured so that any request to, for example,
> http://www.mydomain.com/create/  would actually go to
> https://www.mydomain.com/create.
>
> Is that right?  And if so, is one of the choices I''m being given
(this is on
> a hosted VPS account with private IP) going to handle this better than the
> other?
>
Use the ssl_requirements plugin for this.  You can specify which
actions should be run through https.

As far as the ssl cert, you can always buy a wildcard cert if you want
all options open.  Otherwise buy www.mydomain.com and save some money.

Hope this helps.

--
Zack Chandler
http://depixelate.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi Zack,

Zack Chandler wrote:
>> My understanding was that I could just put a before_filter on the
>> controllers I want to have secured so that any request to, for example,
>> http://www.mydomain.com/create/  would actually go to
>> https://www.mydomain.com/create.
>>
> 
> Use the ssl_requirements plugin for this.  You can specify which
> actions should be run through https.
 >
> As far as the ssl cert, you can always buy a wildcard cert if you 
> want all options open.  Otherwise buy www.mydomain.com and 
> save some money.
> 
> Hope this helps.
Thanks, Zack.  That was exactly the info and advice I was hoping for.

Best regards,
Bill


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

> I''m getting my first SSL cert and have to specify whether the cert
is
> for https://mydomain.com or https://www.mydomain.com.  I''m
guessing
> there''s a signifant difference buried in that choice somewhere,
but have
> no idea what it is.  I''d sure like to avoid "painting myself
into a
> corner."  Can someone point me to something that would help me 
> understand the implications of the choice I make?
You could also get a wildcard certificate...

http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/wildcard-ssl-certificate.htm

I''m sure other providers have them as well, not endorsing rapidssl 
necessarily.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Using a wild-card certificate means that there is no means to identify the
host you are connecting to is the host you intend to connect to.

Speaking as someone who makes his living in the security world I would say
that this invalidates so much about what TLS/SSL was designed to do.

Would I trust a site that uses one?  No.

Philip Hallstrom said the following on 03/02/2007 11:19
AM:
>> I''m getting my first SSL cert and have to specify whether the
cert is
>> for https://mydomain.com or https://www.mydomain.com.  I''m
guessing
>> there''s a signifant difference buried in that choice
somewhere, but have
>> no idea what it is.  I''d sure like to avoid "painting
myself into a
>> corner."  Can someone point me to something that would help me 
>> understand the implications of the choice I make?
> 
> You could also get a wildcard certificate...
> 
>
http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/wildcard-ssl-certificate.htm
> 
> I''m sure other providers have them as well, not endorsing rapidssl
> necessarily.
-- 
Many of the characters are fools and they are always playing
tricks on me and treating me badly.
   -- Jorge Luis Borges, from "Writers on Writing" by Jon Winokur

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Anton Aylward wrote:
> Using a wild-card certificate means that there is no means to identify 
> the
> host you are connecting to is the host you intend to connect to.
> 
> Speaking as someone who makes his living in the security world I would 
> say
> that this invalidates so much about what TLS/SSL was designed to do.
> 
> Would I trust a site that uses one?  No.
The wildcard only works for SUBdomains of a specific domain.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ehm, wildcard SSL certificates are valid for a specific domain and all
sub-domains of that domain.

So, for instance, I can secure...

mydomain.com
www.mydomain.com
store.mydomain.com
webmail.mydomain.com
etc...

... using one wildcard SSL certificate.  The padlock still shows up
and it''s a secure solution -- no doubt about it.

They are a little more expensive but I think they definitely have
their place on a site that partitions functionality under certain sub-
domains (see: logical).

Correct me if I''m wrong because I''ve been shopping wildcard
SSL''s for
the past couple days and am likely to purchase one soon.

On Mar 2, 1:38 pm, Anton Aylward <a...-XdPx9462FWc@public.gmane.org>
wrote:
> Using a wild-card certificate means that there is no means to identify the
> host you are connecting to is the host you intend to connect to.
>
> Speaking as someone who makes his living in the security world I would say
> that this invalidates so much about what TLS/SSL was designed to do.
>
> Would I trust a site that uses one?  No.
>
> Philip Hallstrom said the following on 03/02/2007 11:19 AM:
>
> >> I''m getting my first SSL cert and have to specify whether
the cert is
> >> forhttps://mydomain.comorhttps://www.mydomain.com.  I''m
guessing
> >> there''s a signifant difference buried in that choice
somewhere, but have
> >> no idea what it is.  I''d sure like to avoid
"painting myself into a
> >> corner."  Can someone point me to something that would help
me
> >> understand the implications of the choice I make?
>
> > You could also get a wildcard certificate...
>
>
>http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/wildcar...
>
> > I''m sure other providers have them as well, not endorsing
rapidssl
> > necessarily.
>
> --
> Many of the characters are fools and they are always playing
> tricks on me and treating me badly.
>    -- Jorge Luis Borges, from "Writers on Writing" by Jon Winokur

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Indeed, you can secure all  the subdomains with a wild card certificate, but
you can''t be certain which host in the domain you are connecting to

         ChristianBooksForSale.mydomain.com
	 YourFavouritePorn.mydomain.com

This may not matter to you but it will matter to th customer.
Heck, it may matter to you if the customer gets upset about it or

The padlock showing up only says that a SSL connection been established.
You could do the same thing with a self-signed certificate.

From the vulnerability POV you have a common failure mod; an attacker only
needs to subvert on certificate and he has the whole domain. This means you
have a ''weakest link in the chain situation''.

Suppose you put the same certificate on a "test server" and on your
main
production server. The security from the SSL server authentication for your
main server will depend on the security on your test server.

You''ve in effect multiplied your risk.

The history of attacks is that the attackers don''t try for the
(established)
connection.  Its much easier to subvert the machine in any number of ways.
My newsfeeds tell me of more and more each week.

If cost is an issue, you may wish to investigate Reverse Proxying with a
single external certificate and multiple internal certificates (either
self-signed or issued from an internal CA).



Chris Grant said the following on 03/03/2007 02:52 PM:
> Ehm, wildcard SSL certificates are valid for a specific domain and all
> sub-domains of that domain.
> 
> So, for instance, I can secure...
> 
> mydomain.com
> www.mydomain.com
> store.mydomain.com
> webmail.mydomain.com
> etc...
> 
> ... using one wildcard SSL certificate.  The padlock still shows up
> and it''s a secure solution -- no doubt about it.
> 
> They are a little more expensive but I think they definitely have
> their place on a site that partitions functionality under certain sub-
> domains (see: logical).
> 
> Correct me if I''m wrong because I''ve been shopping
wildcard SSL''s for
> the past couple days and am likely to purchase one soon.
> 
> On Mar 2, 1:38 pm, Anton Aylward <a...-XdPx9462FWc@public.gmane.org>
wrote:
>> Using a wild-card certificate means that there is no means to identify
the
>> host you are connecting to is the host you intend to connect to.
>>
>> Speaking as someone who makes his living in the security world I would
say
>> that this invalidates so much about what TLS/SSL was designed to do.
>>
>> Would I trust a site that uses one?  No.
>>
>> Philip Hallstrom said the following on 03/02/2007 11:19 AM:
>>
>>>> I''m getting my first SSL cert and have to specify
whether the cert is
>>>> forhttps://mydomain.comorhttps://www.mydomain.com. 
I''m guessing
>>>> there''s a signifant difference buried in that choice
somewhere, but have
>>>> no idea what it is.  I''d sure like to avoid
"painting myself into a
>>>> corner."  Can someone point me to something that would
help me
>>>> understand the implications of the choice I make?
>>> You could also get a wildcard certificate...
>>>
http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/wildcar...
>>> I''m sure other providers have them as well, not endorsing
rapidssl
>>> necessarily.
>> --
>> Many of the characters are fools and they are always playing
>> tricks on me and treating me badly.
>>    -- Jorge Luis Borges, from "Writers on Writing" by Jon
Winokur
> 
> 
> 
-- 
I''m always interested when [cold callers] try to flog conservatories.
Anyone who can actually attach a conservatory to a fourth floor flat
stands a marginally better than average chance of winning my custom.
(Seen on Usenet)

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Anton Aylward wrote:
> Suppose you put the same certificate on a "test server" and on
your main
> production server. The security from the SSL server authentication for 
> your
> main server will depend on the security on your test server.
So you would buy a certificate for a test server? That doesn''t make any
sense.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Andreas Schwarz said the following on 03/03/2007 06:06
PM:
> Anton Aylward wrote:
>> Suppose you put the same certificate on a "test server" and
on your main
>> production server. The security from the SSL server authentication for 
>> your
>> main server will depend on the security on your test server.
> 
> So you would buy a certificate for a test server? That doesn''t
make any
> sense.
> 
Right.  but when you buy a wildcard cert that''s what you''ve
done.  You''ve
bought a cert for EVERY machine in your domain.

Including the ones you haven''t secured.

-
A program designed for inputs from people is usually stressed beyond
breaking point by computer-generated inputs. -- Dennis Ritchie

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Anton Aylward wrote:
> Andreas Schwarz said the following on 03/03/2007 06:06 PM:
>> Anton Aylward wrote:
>>> Suppose you put the same certificate on a "test server"
and on your main
>>> production server. The security from the SSL server authentication
for
>>> your
>>> main server will depend on the security on your test server.
>> 
>> So you would buy a certificate for a test server? That doesn''t
make any
>> sense.
>> 
> 
> Right.  but when you buy a wildcard cert that''s what
you''ve done.
> You''ve
> bought a cert for EVERY machine in your domain.
> 
> Including the ones you haven''t secured.
It doesn''t make any sense to use the key on a test server - a 
self-signed key is sufficient for testing - so even if an attacker 
manages to break into the test server, he still needs to break into the 
main server to steal the key. You are right that in theory it increases 
the risk a little bit, because the attacker has to use the main server 
only for stealing the key, not to set up his evil application, but the 
whole thing is still a rather far-fetched scenario. There is always a 
tradeoff between security and cost/effort, and I think using a wildcard 
certificate is a good tradeoff.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Andreas Schwarz said the following on 03/04/2007 07:38
AM:
> 
> It doesn''t make any sense to use the key on a test server - a 
> self-signed key is sufficient for testing - so even if an attacker 
> manages to break into the test server, he still needs to break into the 
> main server to steal the key. 
True, bit you''re missing the point.  The wildcard covers your whole
domain.

Once on the test server an attacker can use that as a platform to gain more
information and launch other attack.  He''s "inside" the
''ring of protection''
now. His view of what''s valuable and your view may differ.  He may not
be
out to steal your cert, he might want to use your platform to run some
''bot
to carry out a DDoS on another site, act as a site for some phishing
expedition, store warez, store child pornography for a ring, act as a
store/server of material that is violating copyright such as movies or
songs.   Who knows.  Whatever: its your loss, your cost - perhaps legal cost
 proving you weren''t culpable.  Maybe the DMCA police cart off your
machine
& software and you have to institute legal action to get it back.

All this has happened out there in the real world.

> You are right that in theory it increases 
> the risk a little bit, because the attacker has to use the main server 
> only for stealing the key, not to set up his evil application, but the 
> whole thing is still a rather far-fetched scenario. 
All attack models seem far fetched to the site owners, I''ve found,
until the
hackers come along and demonstrate more creativity and ingenuity than we
expected.  That has been the consistent history of network and host
security.  "I didn''t think they could do that" - but they
did!

The point isn''t that about what you think possible but that that
you''ve
opened up a whole new set of avenues without instituting specific controls
to address them.
> There is always a 
> tradeoff between security and cost/effort, and I think using a wildcard 
> certificate is a good tradeoff.
Your decision.
It seems far removed from your original issue.


-- 
  Intruder Alert
  Black channels of unknown song
  Whisper through your walls

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Anton Aylward wrote:
> True, bit you''re missing the point.  The wildcard covers your
whole
> domain.
> 
> Once on the test server an attacker can use that as a platform to gain 
more
> information and launch other attack.  He''s "inside" the
''ring of  protection''
> now. His view of what''s valuable and your view may differ.  He may
not be
> out to steal your cert, he might want to use your platform to run some
''bot
> to carry out a DDoS on another site, act as a site for some phishing
> expedition, store warez, store child p0rnography for a ring, act as a
> store/server of material that is violating copyright such as movies or
> songs.   Who knows.  Whatever: its your loss, your cost - perhaps legal 
> cost proving you weren''t culpable.
Er... and what''s this all got to do with the certificate?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Andreas Schwarz said the following on 03/04/2007 08:19
AM:
> Anton Aylward wrote:
>> True, bit you''re missing the point.  The wildcard covers your
whole
>> domain.
>>
>> Once on the test server an attacker can use that as a platform to gain 
more
>> information and launch other attack.  He''s "inside"
the ''ring of  protection''
>> now. His view of what''s valuable and your view may differ.  He
may not be
>> out to steal your cert, he might want to use your platform to run some
''bot
>> to carry out a DDoS on another site, act as a site for some phishing
>> expedition, store warez, store child p0rnography for a ring, act as a
>> store/server of material that is violating copyright such as movies or
>> songs.   Who knows.  Whatever: its your loss, your cost - perhaps legal
>> cost proving you weren''t culpable.
> 
> Er... and what''s this all got to do with the certificate?
Do you think that in order to get the information or subvert the protection
offered by the certificate an attacker will do a head''s on attack on
the
cert?  No Way!  Most attacks and subversion are step-by-step going for back
door or weaknesses elsewhere and using them as a springboard.

All the certificate does is encrypt traffic.  It doesn''t protect your
site.
In particular it doesn''t protect your site from any problem that might
plague a web service or a server or a machine connected to the Internet.

If you do have traffic or transactions that you want to protect you''ll
need
more than a certificate!  What you''ll need will depend on many factors;
how
you''ve coded, specifics of your network ... Wildcard certs are like
wildcards in DNS, they can produce some unexpected side effects.
Incidentally, do you have complete _and_ _sole_ control of your DNS?



-- 
"Objectives are not fate; they are direction. They are not commands; they
are commitments. They do not determine the future; they are a means to
mobilize resources and energies of the business for the making of the
future."
   -- Peter F. Drucker.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Anton Aylward wrote:
> Andreas Schwarz said the following on 03/04/2007 08:19 AM:
>>> store/server of material that is violating copyright such as movies
or
>>> songs.   Who knows.  Whatever: its your loss, your cost - perhaps
legal
>>> cost proving you weren''t culpable.
>> 
>> Er... and what''s this all got to do with the certificate?
> 
> Do you think that in order to get the information or subvert the 
> protection
> offered by the certificate an attacker will do a head''s on attack
on the
> cert?  No Way!  Most attacks and subversion are step-by-step going for 
> back
> door or weaknesses elsewhere and using them as a springboard.
Again: what has this all got to do with the wildcard certificate? If 
someone gains control over an unsecured "test server", it
doesn''t matter
if you have a wildcard certificates that includes the domain of the test 
server or not. Without the secret key the attacker can''t do anything.
If
the attacker CAN get the secret key from the main server, he most likely 
could also modify websites directly or do all kinds of other stuff. So 
in most cases the security advantage of a seperate certificate for each 
subdomain is really irrelevant.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Andreas Schwarz said the following on 03/04/2007 08:18
PM:
> 
> server or not. Without the secret key the attacker can''t do
anything.
Not so.
If the attacked can subvert any machine in the domain he can do things that
neither of us can guess a and are limited only by his skill.

It has nothing whatsoever to do with getting the key.
> So 
> in most cases the security advantage of a seperate certificate for each 
> subdomain is really irrelevant.
Only if you apply the same security policy to all - which you are doing
explicitly with the ''shared'' cert.

This gets back to much earlier in the discussion, before the wildcard
''shared'' cert came up.

What are you trying to protect?   The SSL link - which is all the cert
allows you to protect - is a transient thing.  There is a long history of
"SSL Enabled" sites being subverted and the information that goes over
the
link obtained without cracking the crypto.

As I said, attackers rarely attack head on.


-- 
Like all weak men he laid an exaggerated stress on not changing one''s
mind.
    W. Somerset Maugham, "Of Human Bondage", 1915

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Anton Aylward wrote:
> Andreas Schwarz said the following on 03/04/2007 08:18 PM:
>> 
>> server or not. Without the secret key the attacker can''t do
anything.
> 
> Not so.
> If the attacked can subvert any machine in the domain he can do things 
> that
> neither of us can guess a and are limited only by his skill.
> 
> It has nothing whatsoever to do with getting the key.
For the third time: what does this all have to do with wildcard 
certificates? You said you wouldn''t trust a site with a wildcard cert. 
Why? The only difference between a wildcard cert and a normal cert is 
granularity.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---