Limit the certificate signature algorithms that logs are permitted to accept #13

Open
robstradling opened this issue Feb 2, 2018 · 0 comments

RFC6962 notes that "In order to avoid logs being spammed into uselessness, it is required that each chain is rooted in a known CA certificate." If a log accepts certificates that are signed with weak signature algorithms (e.g., md2WithRSAEncryption, md5WithRSAEncryption), there may be a risk that an attacker could mint fake certificates (where the hash of the TBSCertificate matches that of an existing certificate) at a rate that's fast enough to spam the log into uselessness.

This issue could be mitigated by policy, perhaps by requiring logs to...

  • not accept certificates signed using certain (weak) signature algorithms (i.e., blacklist).
    or
  • only accept certificates signed using certain (non-weak) signature algorithms (i.e., whitelist).
    or
  • implement rate limiting for certain (weak) signature algorithms.
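
The three options listed in the issue, sketched as a log-side admission check. This is an added example, not code from the issue or from any log implementation: `Policy`, `Admit`, the sample allowlist and the fixed-window quota are assumptions, and Go's `crypto/x509` `SignatureAlgorithm` values stand in for the algorithm OIDs.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"time"
)

var weak = map[x509.SignatureAlgorithm]bool{x509.MD2WithRSA: true, x509.MD5WithRSA: true} // named in the issue
var allowed = map[x509.SignatureAlgorithm]bool{x509.SHA256WithRSA: true, x509.ECDSAWithSHA256: true} // sample
var ErrRejected = errors.New("signature algorithm not permitted")
var ErrRateLimited = errors.New("weak-algorithm quota exhausted for this window")

// Policy is a hypothetical admission policy; it is not goroutine-safe (a log front end would add a mutex).
type Policy struct {
	AllowlistOnly bool          // option 2: accept only algorithms in allowed
	WeakPerWindow int           // option 3: weak chains accepted per Window; 0 gives option 1 (reject weak)
	Window        time.Duration // length of the fixed rate-limit window
	start         time.Time     // start of the current window
	seen          int           // weak chains counted in the current window
}

// Admit checks the submitted certificates below the trust anchor (assumption: the caller strips the root).
func (p *Policy) Admit(chain []*x509.Certificate, now time.Time) error {
	hasWeak := false
	for _, c := range chain {
		if p.AllowlistOnly && !allowed[c.SignatureAlgorithm] {
			return fmt.Errorf("%w: %v", ErrRejected, c.SignatureAlgorithm)
		}
		hasWeak = hasWeak || weak[c.SignatureAlgorithm]
	}
	switch {
	case !hasWeak:
		return nil
	case p.WeakPerWindow == 0:
		return ErrRejected
	case now.Sub(p.start) >= p.Window: // start a new fixed window
		p.start, p.seen = now, 0
	}
	if p.seen++; p.seen > p.WeakPerWindow {
		return ErrRateLimited
	}
	return nil
}

func main() { // constructed input: only the SignatureAlgorithm field is set, no certificate is parsed
	fmt.Println((&Policy{}).Admit([]*x509.Certificate{{SignatureAlgorithm: x509.MD5WithRSA}}, time.Now()))
}
```

The zero-value `Policy` behaves as the blacklist option; chains with no weak signature never consume quota in the rate-limited configuration.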