false duplicates are possible #55
Comments
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 25, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 25, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 25, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 25, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 25, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 27, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 27, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 27, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 27, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 28, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 29, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jun 29, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Jul 31, 2016
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
rhansen
added a commit
to rhansen/rpstir
that referenced
this issue
Apr 17, 2020
The purpose of this code appears to be verification acceleration:
avoid performing expensive crypto work when the object has already
been verified. (The purpose isn't entirely clear due to lack of
explanatory comments.) However:
* It's unclear that this code actually improves performance in any
perceptable way. First, it's unclear how often an object is added
multiple times. Second, it's trading crypto work for database
operations.
* This code permits evil twin ROAs: A malicious CA can generate an
evil ROA with an EE certificate containing the same SKI as a valid
EE certificate. The malicious CA won't be able to produce a valid
signature for the evil ROA, but that doesn't matter because this
code shortcuts the signature check. Fortunately there's another
bug preventing this from being exploitable (issue bgpsecurity#55).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current duplicate RPKI object detection isn't strict enough. Malicious repositories could cause collisions of malicious objects with benign objects, invalidating those benign objects. Ideally duplicate detection should be done at the level of file hash.
Also see #28.
The text was updated successfully, but these errors were encountered: