more security considerations #24

Merged
merged 8 commits into from
Aug 30, 2024

thomas-fossati
Collaborator

Fix #16

Signed-off-by: Thomas Fossati <[email protected]>
Member

@henkbirkholz henkbirkholz left a comment

What about "caching" a TST before TTC or CTT? The TST basically tells at minimum "statement not younger than time in TST". By retrieving a TST and then using it later, you can shift that point "more into the past". That is probably a threat, too?

Signed-off-by: Thomas Fossati <[email protected]>
@thomas-fossati
Collaborator Author

thomas-fossati commented Aug 28, 2024

What about "caching" a TST before TTC or CTT?

In CTT that can't happen unless you can predict the COSE signature, i.e., the content of the datum.

The TST basically tells at minimum "statement not younger than time in TST". By retrieving a TST and then using it later, you can shift that point "more into the past". That is probably a threat, too?

Sorry, I don't understand this. You are making a similar point in #25 which I am also failing to grok. To me, a timestamp asserts the existence of a datum at least at the point in time when the timestamp for that datum is created. I cannot fathom an attack in which pushing the existence of the datum back in time is an attack on the intended use of the datum.

Signed-off-by: Thomas Fossati <[email protected]>
Member

@henkbirkholz henkbirkholz left a comment

lgtm

@thomas-fossati thomas-fossati merged commit 6f0b004 into main Aug 30, 2024
2 checks passed
@thomas-fossati thomas-fossati deleted the seccons++ branch August 30, 2024 08:10
Successfully merging this pull request may close these issues.

"heavier" security considerations