todo: merge in flooding text from ch8

Heiko Schaefer 2023-11-25 14:03:10 +01:00
parent 87c2a65567
commit cfe2b34669
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -292,17 +292,6 @@ This process assumes that Bob knows the person known as `Alice Adams` and is con
For more on third-party {term}`certifications<Certification>`, see {ref}`third_party_cert`.
(cert-flooding)=
### Security considerations
While a convenience for consumers, indiscriminately accepting and integrating {term}`third-party identity certifications<Third-party Identity Certification>` comes with significant risks.
Without any restrictions in place, malicious entities can flood a {term}`certificate<OpenPGP Certificate>` with excessive {term}`certifications<Certification>`. Called "certificate flooding," this form of digital vandalism grossly expands the {term}`certificate<OpenPGP Certificate>` size, making the {term}`certificate<OpenPGP Certificate>` cumbersome and impractical for users.
It also opens the door to potential denial-of-service attacks, rendering the {term}`certificate<OpenPGP Certificate>` non-functional or significantly impeding its operation.
The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019.
## Advanced topics
### When are certificates valid?
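Review bot: the "Security considerations" paragraphs dropped here carry glossary roles such as {term}`certifications<Certification>` and {term}`certificate<OpenPGP Certificate>`, while the copy kept under "Third-party certification flooding" further down has the same sentences as plain text, so the glossary links are lost with this block. Suggest porting the {term} markup into the retained section as part of this change. In addition, once this block is gone the paragraph ending in {ref}`third_party_cert` runs straight into "## Advanced topics" with no mention of the flooding risk; a one-line pointer such as {ref}`cert-flooding` at this spot would keep the warning reachable from the certification walkthrough.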
@ -522,6 +511,7 @@ Some OpenPGP subsystems may add User IDs to a certificate, which are not bound t
Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers.
(cert-flooding)=
### Third-party certification flooding
While a convenience for consumers, indiscriminately accepting and integrating third-party identity certifications comes with significant risks.
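Review bot: `(cert-flooding)=` now targets "### Third-party certification flooding", so every existing {ref}`cert-flooding` will pick up this heading as its link text and land here rather than under "Security considerations". Worth searching for references to the label to confirm the surrounding sentences still read correctly, and checking that the build reports no duplicate-label warning for `cert-flooding`.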
@ -530,4 +520,10 @@ Without any restrictions in place, malicious entities can flood a certificate wi
It also opens the door to potential denial-of-service attacks, rendering the certificate non-functional or significantly impeding its operation.
The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019.
The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019.
TODO: merge in text from ch8:
```text
However, in systems that unconditionally accept these certifications, it can lead to unintended consequences. Specifically, this approach has been exploited to cause denial-of-service attacks through [certificate flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), a problem notably experienced by the SKS network of OpenPGP servers.
```
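Review bot: the "TODO: merge in text from ch8:" line and the fenced `text` block after it sit in the chapter body, so they will be rendered to readers as a visible TODO and a literal code block. Suggest either merging the ch8 sentence into the paragraph now or parking it in a MyST comment (lines starting with `%`) or a tracker issue so it does not ship in the published text. The ch8 sentence also repeats the dkg.fifthhorseman.net link and the SKS point already made in the sentence just above it, so the merge should fold the two into one statement; the SKS sentence itself appears twice in this hunk, which is worth confirming is only a line-ending change and not a duplicated paragraph.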