todo: merge in flooding text from ch8

Heiko Schaefer 2023-11-25 14:03:10 +01:00
parent 87c2a65567
commit cfe2b34669
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -292,17 +292,6 @@ This process assumes that Bob knows the person known as `Alice Adams` and is con
For more on third-party {term}`certifications<Certification>`, see {ref}`third_party_cert`. For more on third-party {term}`certifications<Certification>`, see {ref}`third_party_cert`.
(cert-flooding)=
### Security considerations
While a convenience for consumers, indiscriminately accepting and integrating {term}`third-party identity certifications<Third-party Identity Certification>` comes with significant risks.
Without any restrictions in place, malicious entities can flood a {term}`certificate<OpenPGP Certificate>` with excessive {term}`certifications<Certification>`. Called "certificate flooding," this form of digital vandalism grossly expands the {term}`certificate<OpenPGP Certificate>` size, making the {term}`certificate<OpenPGP Certificate>` cumbersome and impractical for users.
It also opens the door to potential denial-of-service attacks, rendering the {term}`certificate<OpenPGP Certificate>` non-functional or significantly impeding its operation.
The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019.
## Advanced topics ## Advanced topics
### When are certificates valid? ### When are certificates valid?
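Review bot: the section that ends with the {ref}`third_party_cert` sentence loses its only mention of certificate flooding once the `### Security considerations` block is removed from this spot. Since the `(cert-flooding)=` target continues to exist later in the chapter, consider leaving a one-sentence pointer here (a {ref}`cert-flooding` reference after the `third_party_cert` line), so that readers following the certification workflow still reach the risk discussion under Advanced topics.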
@ -522,6 +511,7 @@ Some OpenPGP subsystems may add User IDs to a certificate, which are not bound t
Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers. Sequoia additionally certifies these foreign User IDs with the local trust root to facilitate authentication of certificates but marks all this additional signatures with a Non Exportable subpacket so that they are not visible when publishing the certificate e.g. on keyservers.
(cert-flooding)=
### Third-party certification flooding ### Third-party certification flooding
While a convenience for consumers, indiscriminately accepting and integrating third-party identity certifications comes with significant risks. While a convenience for consumers, indiscriminately accepting and integrating third-party identity certifications comes with significant risks.
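Review bot: the paragraph that the new `(cert-flooding)=` target now labels, starting at the context line "While a convenience for consumers", writes "third-party identity certifications" as plain text, while the copy removed from the earlier section wrapped the same phrases in {term} roles such as {term}`certificate<OpenPGP Certificate>`. With this section becoming the single home for the flooding text, port the {term} markup over so the glossary links are not lost in the merge.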
@ -530,4 +520,10 @@ Without any restrictions in place, malicious entities can flood a certificate wi
It also opens the door to potential denial-of-service attacks, rendering the certificate non-functional or significantly impeding its operation. It also opens the door to potential denial-of-service attacks, rendering the certificate non-functional or significantly impeding its operation.
The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019. The popular [SKS keyserver network experienced certificate flooding firsthand](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), causing it to shut down operations in 2019.
TODO: merge in text from ch8:
```text
However, in systems that unconditionally accept these certifications, it can lead to unintended consequences. Specifically, this approach has been exploited to cause denial-of-service attacks through [certificate flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), a problem notably experienced by the SKS network of OpenPGP servers.
```
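Review bot: the `TODO: merge in text from ch8:` line and the ```` ```text ```` fence after the SKS sentence will be rendered in the published chapter, and the Markdown link inside the fence will show as literal text rather than a link. If the merge has to wait, keep the note out of the rendered output (a MyST `%` comment or an issue reference would do). The quoted ch8 sentence also repeats the same dkg.fifthhorseman.net link and the SKS point made in the line directly above it, so the eventual merge should fold the two into one statement.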