You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Suppose one of the accepted root certs of a CT Log expires on Jan5 of a year.
After Jan5, the CA who owned the root cert, is no longer required to keep the keys for that root certificate a secret, or protected in any way [needs citation]. So suppose on Jan6 an attacker gets hold of the keys for that now-expired root cert.
Suppose said attacker then issues loads (for some value of loads that would be too much for a log to handle) of certificates that have a ‘Not After’ value of Jan4. These would be already-expired certificates, so are no use for server impersonation, but could be used to attack a CT Log if it accepts expired certificates…
Suppose on Jan6 the attacker submits all of the loads of certificates to the Log. The Log could be DoS’d into oblivion, and/or filled until it reaches a size greater than the Log can handle.
Mitigation:
Recommend that CT Logs only accept certificates that have a 'Not After' value later than the time of submission to the Log.
The text was updated successfully, but these errors were encountered:
Potential Attack:
Mitigation:
Recommend that CT Logs only accept certificates that have a 'Not After' value later than the time of submission to the Log.
The text was updated successfully, but these errors were encountered: