NICMx / FORT-validator

RPKI cache validator
MIT License

Enforce same origin for RRDP files #112

Open ydahhrk opened 2 months ago

ydahhrk commented 2 months ago

draft-spaghetti-sidrops-rrdp-same-origin:

  1. Reject RRDP Snapshots and Deltas if they're not hosted by the same origin as the Notification.
  2. Reject HTTP redirects to different origins.

This should prevent malicious notifications from wasting other servers' bandwidth by abusing Fort.

Currently in development in the draft-spaghetti-sidrops-rrdp-same-origin branch.
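
An added illustration of the check this issue describes, not part of the issue and not Fort's code: a C function that compares the origin of a Snapshot, Delta or redirect target URI against the Notification's URI. It assumes "origin" means the (scheme, host, port) tuple with the scheme fixed to https; the struct, the function names and the example.net URIs used to exercise it are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names, not Fort's code. host points into the URI string. */
struct origin { const char *host; size_t hostlen; long port; };
static bool ieq(const char *a, const char *b, size_t n)	/* ASCII, no case */
{
	while (n-- > 0)
		if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++))
			return false;
	return true;
}

/* RRDP is https-only, so the scheme part of the origin is fixed here. */
static bool parse_origin(const char *uri, struct origin *o)
{
	const char *auth, *end, *hostend;
	char *stop;
	if (!ieq(uri, "https://", 8))
		return false;
	auth = uri + 8;
	end = auth + strcspn(auth, "/?#");
	/* An IPv6 literal contains ':' itself, so its host ends at ']'. */
	hostend = memchr(auth, *auth == '[' ? ']' : ':', (size_t)(end - auth));
	if (memchr(auth, '@', (size_t)(end - auth)) || (*auth == '[' && !hostend))
		return false;	/* userinfo or unterminated literal: refuse */
	hostend = hostend ? hostend + (*auth == '[') : end;
	if (hostend == auth)
		return false;	/* empty host */
	o->host = auth;
	o->hostlen = (size_t)(hostend - auth);
	o->port = 443;		/* default https port */
	if (hostend == end)
		return true;
	if (*hostend != ':' || !isdigit((unsigned char)hostend[1]))
		return false;
	o->port = strtol(hostend + 1, &stop, 10);
	return stop == end && o->port >= 1 && o->port <= 65535;
}

/* True only if both URIs parse and agree on host and port. */
bool same_origin(const char *notification, const char *target)
{
	struct origin a, b;
	return parse_origin(notification, &a) && parse_origin(target, &b) &&
	    a.port == b.port && a.hostlen == b.hostlen &&
	    ieq(a.host, b.host, a.hostlen);
}
```

A URI that fails to parse is treated as a different origin, so malformed Snapshot, Delta or redirect URIs are rejected rather than fetched.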