sipb / homeworld

Cluster management system for the SIPB Hyades project
MIT License

Check CSR-signing code for bugs #279

Open cryslith opened 6 years ago

cryslith commented 6 years ago

The current CSR-signing code looks suspect to me.

We override the signature algorithm when signing; this looks suspect to me because the correct signature algorithm should already be specified in the template.

Relatedly, in TLSAuthority.Sign we should be creating the new certificate using the algorithms specified in the CSR. Are there any other aspects of the CSR we're failing to copy into the new cert?

celskeggs commented 6 years ago

I believe that we specified the signature algorithm in an attempt to avoid downgrade attacks. If we sign with a particularly weak algorithm, the signature might be spoofable.

We could replace this override with a check?

cryslith commented 6 years ago

This SignatureAlgorithm field refers to the algorithm used by the certificate itself to sign messages, not the algorithm used by the keyserver's cert to sign this cert. Also we shouldn't be accepting signatures in weak algorithms anyway, so whether we generate them or not doesn't matter.
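
One way a check in place of the override, as floated in the thread, could look with Go's crypto/x509 (an added example, not code from homeworld or from either commenter): it tests the incoming CSR's own signature algorithm against an allowlist and verifies the CSR's self-signature before anything is signed. The allowlist contents, the function names `checkCSR` and `sampleCSR`, and the sample hostname are assumptions.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
)

// Assumed policy: CSR signature algorithms this signer accepts (no MD5/SHA-1).
var allowedCSRAlgs = map[x509.SignatureAlgorithm]bool{
	x509.SHA256WithRSA: true, x509.SHA384WithRSA: true, x509.SHA512WithRSA: true,
	x509.ECDSAWithSHA256: true, x509.ECDSAWithSHA384: true, x509.PureEd25519: true,
}

// checkCSR enforces the allowlist, then verifies the CSR's self-signature.
func checkCSR(csr *x509.CertificateRequest) error {
	if !allowedCSRAlgs[csr.SignatureAlgorithm] {
		return fmt.Errorf("CSR signature algorithm %v not allowed", csr.SignatureAlgorithm)
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("CSR signature invalid: %w", err)
	}
	return nil
}

// sampleCSR builds a constructed P-256 CSR for the demo (not cluster data).
func sampleCSR() (*x509.CertificateRequest, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{DNSNames: []string{"node.example.invalid"}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

func main() {
	csr, err := sampleCSR()
	if err != nil {
		panic(err)
	}
	fmt.Println("valid CSR:", checkCSR(csr))
	csr.Signature[len(csr.Signature)-1] ^= 1 // corrupt the self-signature
	fmt.Println("tampered CSR:", checkCSR(csr))
	fmt.Println("SHA-1 CSR:", checkCSR(&x509.CertificateRequest{SignatureAlgorithm: x509.SHA1WithRSA}))
}
```

The algorithm test runs before signature verification, so a CSR outside the allowlist is rejected without its signature ever being evaluated.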