scionassociation / scion-cppki_I-D

Specification of the SCION control-plane PKI
https://scionassociation.github.io/scion-cppki_I-D/

Anapaya review #38

Closed nicorusti closed 1 month ago

nicorusti commented 4 months ago

Points to be reviewed:

Links:

oncilla commented 1 month ago

> Note that this is a sensitive TRC update, as the
> certificate related to the compromised private key MUST be
> replaced with an entirely new certificate (and not just changed).

This is not exactly true. If only the public key changes, and all other parameters are the same, it is a regular update AFAIK.

oncilla commented 1 month ago

> A trust reset is only required in the case the number of
> compromised keys at the same time is greater or equal than the
> TRC's quorum (see Section 3.1.2.2.7).

and an invalid update has been produced and distributed in the network. I think if the compromise is noticed early enough and an Update is issued and distributed in the network, then there is nothing an attacker can do anymore. Nodes in the SCION network store all the TRCs they have seen, and history cannot be rewritten.

nicorusti commented 1 month ago

Right, I had a look at the two changes and I agree with you. I added your changes in https://github.com/scionassociation/scion-cppki_I-D/pull/46, let me know if this is clear enough.

Are you done with reviewing the draft?

We also have https://github.com/scionassociation/scion-cppki_I-D/issues/28, I'm looking for some ASN.1 experts to have a look :) Would you mind having a look?