gnarea
commented
4 years ago This is actually an issue with the spec as the JVM library is also affected, so I'll track this bug in https://github.com/relaynet/specs/issues/57
Open gnarea opened 4 years ago
gnarea
commented
4 years ago This is actually an issue with the spec as the JVM library is also affected, so I'll track this bug in https://github.com/relaynet/specs/issues/57
gnarea
commented
2 years ago I'm reopening this so that I can track it in the Maintenance board for Relaycorp.
Generating a DER-encoded SignedData value with a content of 8 MiB takes 6-9 seconds on my computer, which could make the public gateway susceptible to severe availability issues.
Nearly all that time is spent serialising the ContentInfo/SignedData object to a DER ByteArray (constructing those objects and calling
SignedData.sign()takes 60ms and 5ms, respectively). Roughly 66% of the serialisation time is spent encoding theSignedDatavalue and the remainder serialising theContentInfowrapper.Verifying such large values takes just over 300ms on the same computer after some optimisations.
The culprit has to be the ASN1.js and/or PKI.js libraries, although having the plaintext embedded in the CMS SignedData certainly doesn't help. So broadly speaking, our options are: