1

If you buy a domain, you may think you then have full control over its sub-domains. Well, not necessarily true. As this question and its answers point out, you may need multiple SSL certificates to cover multi-level sub-domains because wildcard matching only works with a single level of sub-domain (ref).

For example, *.example.com will match foo.example.com but not bar.foo.example.com.

I simply cannot figure out the security concerns therein. My best guess is that it may reduce the number of victims when the certificate is compromised. Are there any other valid security benefits from the wildcard matching restriction?

EDIT: Not a dup. The answers to that question are hardly satisfying from a security point of view. They are either too simple or focusing on something else.

Cyker
  • 1,613
  • 12
  • 17
  • Also worth noting: you do have full control over a domain you purchase. What you not have full control over is the certificates you buy. – Tobi Nary Nov 26 '17 at 17:53
  • The question matches, but the answers are basically "because writing software is hard and people will get it wrong", which is hardly satisfying :/ – Mike Ounsworth Nov 26 '17 at 17:54
  • @SteffenUllrich Read that answer. It said: *the core business of a professional CA is to sell many certificates, and wildcard certificates don't help for that.* – Cyker Nov 26 '17 at 17:57
  • @Cyker: this is a very narrow and IMHO wrong interpretation of the extensive answer. What you treat as essence of the answer I would consider only a small remark. – Steffen Ullrich Nov 26 '17 at 18:00
  • @MikeOunsworth: I think the answer is not satisfying since there is no satisfying answer to the question of why multi-level wildcards are not allowed :) – Steffen Ullrich Nov 26 '17 at 18:01
  • @SteffenUllrich So I kept reading on and finally it concludes that: *which all come down to money, in the long run*. Well, I understand this restriction makes good money but I'm wondering whether it makes Internet users more secure. – Cyker Nov 26 '17 at 18:03
  • If the other question is asking the same thing, but the answers aren't satisfactory, then you should use [one of the methods](https://security.meta.stackexchange.com/q/2789/16960) for getting new answers on it, rather than spreading knowledge across several different questions. – Xiong Chiamiov Nov 27 '17 at 20:45
  • @XiongChiamiov The post you referred doesn't apply here. It asks what to do when there is NO answer to an old question. But the question mentioned here already got answers and one of them was accepted. – Cyker Nov 28 '17 at 03:02

2 Answers2

2

A certificate should be issued for the entity which manages the specific domain. There are environments where different sub-domains are managed by different entities. This is for example often the case within universities where different departments have their own sub-domain and have their own systems within this sub-domain. These systems are usually managed by the department itself and not centrally by the university.

If *.example.com would match every sub-domain and subsub-domain it would not be possible to limit the wildcard certificate to only match the hosts managed by the specific entity.

Apart from that domains were used differently at the time when these standards were made. The domain name system was actually designed to be used more hierarchical then it is used today. The idea was to use the domain name as the main entry point for an organisation, have sub-domains for organisational parts of the organisations like departments and have hostnames within the sub-domains and main domain to identify systems. Using just the main domain name as in example.com instead of www.example.com is a "relatively" new thing and also multi-level sub-domains without having any organisational structure behind it. In this "old" world a design of having the wildcard matching only a single part made more sense than it seems to make today where it is often more important that a domain name looks fancy than that it reflects an actual organisational structure.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • Wikipedia has [language].wikiepdia.com, and my alma mater has math.uchicago.edu for the math department (and individual professors have math.uchicago.edu/~drh). Is this in line with how people were expecting to use it? – Stella Biderman Nov 26 '17 at 20:49
  • @StellaBiderman: [language].wikipedia.com fits the traditional scheme. Regarding math.uchicago... - if there is also ftp.math... , mail.math... etc then it is not the traditional use since a name was considered either an organisational structure or an actual system but not both. – Steffen Ullrich Nov 27 '17 at 06:06
1

My understanding is that a lot of sites that offered hosting services got in trouble with this.

Example: imagine a site cheaphosting.com offers you to register domains under sites.cheaphosting.com. So I go set up a website at mike.sites.cheaphosting.com. Maybe I'm handling credit card transactions, so I get myself a TLS certificate for my site.

Now, if CheapHosting, inc has a wildcard cert for *.cheaphosting.com and the subdomain limitation wasn't there, then they would be able to use this cert to man-in-the-middle my site so that anyone connecting to mike.sites.cheaphosting.com will still get the green lock in their browser, even though the connection is being evesdropped by the higher-level wildcard cert.

Similarly, if a bad guy ever got hold of a wildcard certificate for *.com with no subdomain limit, then they could man-in-the-middle 3/4 of the internet! So let's just ban that outright.

Mike Ounsworth
  • 58,107
  • 21
  • 154
  • 209
  • 1
    *"if a bad guy ever got hold of a wildcard certificate for *.com"* - no CA should issue such a certificate. And at least Chrome and FF check the [public suffix](https://publicsuffix.org/) and would not accept this certificate. I don't know about IE/Edge. – Steffen Ullrich Nov 26 '17 at 18:04
  • @SteffenUllrich Oh I agree that no CA should issue it. Does that mean it's impossible? I like that you're going around commenting on all the answers, rather than posting any yourself. I'll be happy to upvote a better answer. – Mike Ounsworth Nov 26 '17 at 18:24
  • A CA has to publish all signed certificates to a certificate log, so if someone creates a wildcard certificate for *.co.uk, people will discover that and the CA would loose all it's trust. And trust is the only thing that keeps them in the trusted CA repository. – Johannes Kuhn Nov 27 '17 at 04:41
  • As much as @MikeOunsworth 's example with .com is "unrealistic" it is a wonderful example – niilzon Nov 27 '17 at 08:27
  • @JohannesKuhn While less broad in the damage they can do, don't forget about private corporate CAs; you may have your company or school's root cert installed, and those CAs are under no obligation to log to CT. In general though, yeah, a public CA would get caught after a few days if they issued `*.com`. – Mike Ounsworth Nov 27 '17 at 12:21
  • 1
    @JohannesKuhn I like your comment that "trust is the only thing that keeps them in the trusted CA repository". Actually I'm also interested in how that trust is managed nowadays. It's hard to believe we trust a website simply because somebody we never know has trusted it. It's a little bit out of topic for this question, though. – Cyker Nov 28 '17 at 03:05
  • 1
    @Cyker Yeah. The whole stack of turtles for TLS rests on Certificate Authorities being honest when they say they background checked a website before issuing them a cert, on an browsers and Certificate Transparency logs monitoring them to make sure they stay honest. _(since I work for a CA, I can tell you the auditing requirements to stay in Firefox and Chrome are very strict)_ – Mike Ounsworth Nov 28 '17 at 03:08