Suppose one of the accepted root certs of a CT Log expires on Jan 5 of a year.
After Jan 5, the CA that owned the root cert is no longer required to keep the keys for that root certificate secret, or protected in any way [needs citation]. So suppose on Jan 6 an attacker gets hold of the keys for that now-expired root cert.
Suppose said attacker then issues loads (for some value of loads that would be too much for a log to handle) of certificates that have a 'Not After' value of Jan 4. These would be already-expired certificates, so they are no use for server impersonation, but they could be used to attack a CT Log if it accepts expired certificates…
Suppose on Jan 6 the attacker submits all of the loads of certificates to the Log. The Log could be DoS'd into oblivion, and/or filled until it reaches a size greater than the Log can handle.
Mitigation:
Recommend that CT Logs only accept certificates that have a 'Not After' value later than the time of submission to the Log.
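The recommended check replayed on the timeline above, as an added example that is not part of the original text or of any CT log implementation: certificates backdated to Jan 4 still carry a valid signature from the expired root, so a signature check alone would admit them, while the 'Not After' rule refuses each one. The year 2030, the Ed25519 key derived from an all-zero seed, and the names `Admit`, `issue` and `Scenario` are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Admit is the recommended rule: 'Not After' must be later than the submission time.
func Admit(leaf *x509.Certificate, submittedAt time.Time) bool {
	return leaf.NotAfter.After(submittedAt)
}

// issue signs a constructed certificate (reusing signer's public key); a nil parent self-signs a root.
func issue(serial int64, notAfter time.Time, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: notAfter.AddDate(-1, 0, 0),
		NotAfter: notAfter, BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, signer.Public(), signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Scenario returns how many of n backdated, validly signed submissions Admit refuses (constructed year 2030).
func Scenario(n int) (refused int) {
	day := func(d int) time.Time { return time.Date(2030, time.January, d, 0, 0, 0, 0, time.UTC) }
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed stand-in for the leaked root key
	root := issue(1, day(5), nil, key)                            // accepted root, expires Jan 5
	for i := 0; i < n; i++ {
		leaf := issue(int64(100+i), day(4), root, key) // issued after expiry, 'Not After' Jan 4
		if leaf.CheckSignatureFrom(root) == nil && !Admit(leaf, day(6)) {
			refused++
		}
	}
	return refused
}

func main() { fmt.Println(Scenario(5)) }
```

`Admit` reads only the 'Not After' field, so a log can apply it before signature verification and storage, the steps the flood is meant to exhaust.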