Closed Bug 1198614 Opened 9 years ago Closed 8 years ago

Add a signing capability for the storage server

Component: Cloud Services :: Server: Other (defect, normal)

Status: RESOLVED FIXED

Reporter: tarek, Assigned: alexis+bugs

Basics
------

    - The updater has a public + private certificate that can be used to sign a hash of the records + the collection.

    - The destination has the updater's public certificate, which it uses to check the signature of the records.

    - Each Certificate Revocation Entry is represented by its fingerprint (this can also be the fingerprint of an intermediate certificate).

    - All the hashing and signing is done on the clients to avoid attack vectors (e.g. if an attacker obtains access to the Kinto server).



First issuance of the list
--------------------------

    1. All items in the CRL are gathered and put in a collection of JSON items.

       Each item contains a client-side generated UUID, e.g.:

       > {"id": "b7dded96-8df0-8af8-449a-8bc47f71b4c4",
       >  "fingerprint": "11:D5:D2:0A:9A:F8:D9:FC:23:6E:5C:5C:30:EC:AF:68:F5:68:FB:A3"}

    2. Compute the collection hash, sign it and upload it to the server.


How to check for data integrity?
--------------------------------


    1. Gather all the records from the remote server + the collection hash and signature;

    2. Check the signature of the retrieved collection hash. Compute the collection hash locally. Check that it matches the one retrieved from the server.



Update of the list
------------------

    1. Check the validity of the data we are building upon, as specified in "How to check data integrity".

    2. Add new records, as specified in "First issuance of the list".



How to compute the hash of the collection?
------------------------------------------

    1. Sort all items in the collection (by id);

    2. For each item, serialize the wanted fields (concatenate them together);

    3. Compute the hash from the serialization.
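The hash recipe above, together with the "First issuance" and "How to check for data integrity?" steps, as an added example that is not code from the bug or from Kinto itself. The sign and verify primitives are passed in as callables because the bug does not fix an algorithm (and says the private key will live in an HSM); the `__main__` demo plugs in Ed25519 from the third-party `cryptography` package, which is assumed to be installed. The hashed field set (`id` + `fingerprint`), the SHA-256 choice, the JSON canonicalisation and the second sample record are all assumptions made for this example.

```python
import hashlib
import hmac
import json
from typing import Callable, Iterable, Mapping

# Fields that go into the hash. Assumed set: the bug only shows id and
# fingerprint; the id is included so a record cannot be silently re-keyed.
HASHED_FIELDS = ("id", "fingerprint")

# Constructed sample collection: the first record is the one quoted in the
# bug, the second is made up for this example.
SAMPLE_RECORDS = [
    {"id": "b7dded96-8df0-8af8-449a-8bc47f71b4c4",
     "fingerprint": "11:D5:D2:0A:9A:F8:D9:FC:23:6E:5C:5C:30:EC:AF:68:F5:68:FB:A3"},
    {"id": "1f0c2a44-0000-4000-8000-000000000001",
     "fingerprint": "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD"},
]


def serialize_record(record: Mapping[str, str]) -> bytes:
    """Step 2: serialize only the wanted fields, in a fixed byte form.

    Sorted keys and no whitespace make the bytes independent of how the
    dict was built, so updater and destination agree on the input."""
    wanted = {field: record[field] for field in HASHED_FIELDS}
    return json.dumps(wanted, sort_keys=True, separators=(",", ":")).encode("utf-8")


def collection_hash(records: Iterable[Mapping[str, str]]) -> str:
    """Steps 1-3: sort by id, concatenate the serialized records, SHA-256."""
    ordered = sorted(records, key=lambda rec: rec["id"])
    digest = hashlib.sha256()
    for rec in ordered:
        digest.update(serialize_record(rec))
        digest.update(b"\n")  # separator so record boundaries stay unambiguous
    return digest.hexdigest()


def issue_collection(records, sign: Callable[[bytes], bytes]) -> dict:
    """Updater side: hash the collection and sign the hash. The returned
    dict is the metadata the bug proposes storing on the Kinto collection."""
    collection_digest = collection_hash(records)
    return {"hash": collection_digest,
            "signature": sign(collection_digest.encode("ascii")).hex()}


def check_integrity(records, metadata: Mapping[str, str],
                    verify: Callable[[bytes, bytes], bool]) -> bool:
    """Destination side: verify the signature over the retrieved hash, then
    recompute the hash from the retrieved records and compare."""
    claimed = metadata["hash"]
    try:
        signature = bytes.fromhex(metadata["signature"])
    except ValueError:          # malformed signature field: treat as invalid
        return False
    if not verify(claimed.encode("ascii"), signature):
        return False
    return hmac.compare_digest(collection_hash(records), claimed)


if __name__ == "__main__":
    # Demo signer: Ed25519 via the "cryptography" package (assumed installed).
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

    private_key = Ed25519PrivateKey.generate()  # updater side (HSM in production)
    public_key = private_key.public_key()       # shipped to the destination

    def ed25519_verify(message: bytes, signature: bytes) -> bool:
        try:
            public_key.verify(signature, message)
            return True
        except InvalidSignature:
            return False

    metadata = issue_collection(SAMPLE_RECORDS, private_key.sign)
    print("intact:", check_integrity(SAMPLE_RECORDS, metadata, ed25519_verify))
    tampered = [dict(SAMPLE_RECORDS[0]), dict(SAMPLE_RECORDS[1])]
    tampered[1]["fingerprint"] = "00:" + tampered[1]["fingerprint"][3:]
    print("tampered:", check_integrity(tampered, metadata, ed25519_verify))
```

Because the signature covers the hash rather than the raw records, the destination must always recompute the hash itself; a verified signature alone only proves the updater once signed that hash, not that the records it just downloaded still match it.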


Steps forward
-------------

- Add the ability to store metadata information on collections in Kinto: https://github.com/Kinto/kinto/issues/158. This will be used to store the signature and hash.
- mgoodwin is writing a Kinto client in JS that will be burned into Firefox and take care of verifying signatures.
- Architecture to be defined in more detail (where every machine lives and how they are isolated from each other,
  how we add caching to the mix, etc.).

Timelines
---------

- We want to have "something" in the browser by the end of this quarter; we'll have something shipped inside Firefox behind a flag to start with.
- Firefox 43 is the earliest target. We need to figure out how to connect to the HSM from AWS.

Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED