From cfe2b34669b1c80f6e3908e810a8a4a30ea88183 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sat, 25 Nov 2023 14:03:10 +0100 Subject: [PATCH] todo: merge in flooding text from ch8 --- book/source/04-certificates.md | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 868679e..5cd7c62 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -292,17 +292,6 @@ This process assumes that Bob knows the person known as `Alice Adams` and is con For more on third-party {term}`certifications`, see {ref}`third_party_cert`. -(cert-flooding)= -### Security considerations - -While a convenience for consumers, indiscriminately accepting and integrating {term}`third-party identity certifications` comes with significant risks. - -Without any restrictions in place, malicious entities can flood a {term}`certificate` with excessive {term}`certifications`. Called "certificate flooding," this form of digital vandalism grossly expands the {term}`certificate` size, making the {term}`certificate` cumbersome and impractical for users. - -It also opens the door to potential denial-of-service attacks, rendering the {term}`certificate` non-functional or significantly impeding its operation. - -The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019. - ## Advanced topics ### When are certificates valid? 
@@ -522,6 +511,7 @@ Some OpenPGP subsystems may add User IDs to a certificate, which are not bound t Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers. +(cert-flooding)= ### Third-party certification flooding While a convenience for consumers, indiscriminately accepting and integrating third-party identity certifications comes with significant risks. @@ -530,4 +520,10 @@ Without any restrictions in place, malicious entities can flood a certificate wi It also opens the door to potential denial-of-service attacks, rendering the certificate non-functional or significantly impeding its operation. -The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019. +The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019. + +TODO: merge in text from ch8: + +```text +However, in systems that unconditionally accept these certifications, it can lead to unintended consequences. Specifically, this approach has been exploited to cause denial-of-service attacks through [certificate flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), a problem notably experienced by the SKS network of OpenPGP servers. +```
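Review bot: in the first hunk (@@ -292,17 +292,6 @@) the copy being deleted is the one that marks up "certificate", "certifications" and "third-party identity certifications" with {term} roles, while the copy kept under "Third-party certification flooding" in the later hunks is plain text. Dropping this copy loses the glossary links for the flooding material; consider carrying the {term} markup over to the surviving paragraphs in the same commit.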
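Review bot: in the second hunk (@@ -522,6 +511,7 @@) the (cert-flooding)= label now points at a heading titled "Third-party certification flooding" instead of "Security considerations". Any {ref} to cert-flooding elsewhere in the book that takes its link text from the target heading will render with the new title, so those references should be checked to confirm they still read correctly in their sentences.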
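Review bot: in the last hunk (@@ -530,4 +520,10 @@) the added "TODO: merge in text from ch8:" line and the fenced text block after it are ordinary page content, so they will show up in the built book as a visible TODO and a literal code block. If the note has to live in the source for now, MyST comment lines (prefixed with %) keep it out of the rendered output. The quoted ch8 sentence also links the same dkg.fifthhorseman.net post as the paragraph directly above it, so the eventual merge should keep only one of the two links. The removed and re-added SKS sentence shows no visible difference; if that is a whitespace-only change, it is worth saying so in the commit message.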