Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Ncat Wildcard Matching rules
From: venkat sanaka <venkatsanaka () gmail com>
Date: Sat, 13 Jun 2009 14:35:54 +0530

Hi all

I have been working on to add wildcard matching support
for ncat so that it can accept wildcard ssl certificates aswell.
But i have a problem in implementation of matching rules
as there are different RFCs (like RFC 2595,RFC 2818,RFC 4513)
saying different matching rules.

Moreover the browsers and other ssl clients also had their own
wildcard matching rules without following any of the RFCs.

The slide No.5 of this presentation explains these differences
in wildcard matching rules very briefly.
https://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf

see this site for more info on this issue:
http://wiki.cacert.org/wiki/WildcardCertificates

First i thought of implementing the IE's way of doing this as those rules
are pretty close to what RFC 2818 says and more secure but
later taken aback after some discussion with david.

We decided to find out first how common is the usage
of wildcard certifiates and thereby either leaving this completely
or making it a low priority if there aren't many.For this we thought
of having a SSL certificate retrieval NSE script which scans
10,000 SSL web servers and see what they have in their certificates.

Any further thoughts,opinions and suggestions please :)

Regards
Venkat

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault