Add additional restrictions on the TLS certificate

libp2p / specs

Technical specifications for the libp2p networking stack

https://libp2p.io

1.56k stars 273 forks source link

Add additional restrictions on the TLS certificate #255

Closed Demi-Marie closed 4 years ago

Demi-Marie commented 4 years ago

Require the NamedCurve encoding of elliptic curve parameters to prevent “Whose Curve Is It Anyway” attacks.
Forbid the subjectUniqueId and issuerUniqueId fields in certificates. These fields are essentially unused, and the Rust implementation rejects certificates that have them.
Require that optional NULL parameters of RSA-PSS AlgorithmIds be omitted. This corresponds to a SHOULD in RFC8017 and simplifies verification.
Forbid hash algorithms with output length less than 256 bits to prevent collision attacks.

Demi-Marie commented 4 years ago

Require that optional NULL parameters of RSA-PSS AlgorithmIds be omitted. This corresponds to a SHOULD in RFC8017 and simplifies verification.

Why do we make this a MUST? I'm not sure how I would implement a check for that in Go.

It’s a MUST on the generation side, not on the use side. The behavior on the use side is unspecified. libp2p-go-tls doesn’t use RSA-PSS for generating certificates, so it isn’t affected.

That said, this isn’t particularly important, as libp2p-quic now supports all four valid encodings. I will remove it.

Demi-Marie commented 4 years ago

@marten-seemann can you re-review?

Demi-Marie commented 4 years ago

@marten-seemann ping

Stebalien commented 4 years ago

Thank you both! :heart: