Closed
Bug 1503352
Opened 6 years ago
Closed 11 months ago
generate signed tree heads for the binary transparency information created per release
Categories
(Release Engineering :: Release Automation: Other, enhancement)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: keeler, Unassigned)
References
Details
In bug 1342974, we added code that generates binary transparency information per release. However, while that information does include the tree head hash, it doesn't include a signed tree head. There is an argument to be made that we don't need to verify a signed tree head because the tree head hash will be put into a certificate (in the subject alternative names field as something like "hashhalf1.hashhalf2.version.fx-trans.net") issued by a CA that we can (and should) verify (both for being correctly signed and potentially for being properly disclosed in a CT log). However, having a (few) key(s) that we trust gives us a way to protect against an attacker tricking a CA into issuing a certificate for a domain-name-ified hash of a Merkle tree that they created. (CT doesn't prevent misissuance - it gives us a way to detect it.) The structure of a signed tree head is in https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-28#section-4.10
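The check described above, as an added example that is not part of the bug report and is not Mozilla's release code: a client that only matches the certificate name accepts a rogue tree, while one that also requires a tree-head signature from a pinned key rejects it. Assumptions: the two-label hex split, the "63-0" version label, Ed25519 as the signature scheme, the simplified tree-head payload (not the draft's exact encoding), all function names, and the constructed keys and artifact lines.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// merkleTreeHash is the RFC 6962 Merkle Tree Hash (0x00 leaf prefix, 0x01 node prefix).
func merkleTreeHash(leaves [][]byte) [32]byte {
	if len(leaves) == 0 {
		return sha256.Sum256(nil)
	} else if len(leaves) == 1 {
		return sha256.Sum256(append([]byte{0x00}, leaves[0]...))
	}
	k := 1 << (bits.Len(uint(len(leaves)-1)) - 1) // largest power of two below len(leaves)
	l, r := merkleTreeHash(leaves[:k]), merkleTreeHash(leaves[k:])
	return sha256.Sum256(append(append([]byte{0x01}, l[:]...), r[:]...))
}
// sanName splits the hex tree head into two 32-character labels (layout and version label assumed).
func sanName(leaves [][]byte, ver string) string {
	h := fmt.Sprintf("%x", merkleTreeHash(leaves))
	return h[:32] + "." + h[32:] + "." + ver + ".fx-trans.net"
}
// treeHead is a simplified signed payload (timestamp, tree size, root), not the draft's exact encoding.
func treeHead(ts uint64, leaves [][]byte) []byte {
	root, b := merkleTreeHash(leaves), make([]byte, 16, 48)
	binary.BigEndian.PutUint64(b, ts)
	binary.BigEndian.PutUint64(b[8:], uint64(len(leaves)))
	return append(b, root[:]...)
}
// accept checks the SAN and, when a key is pinned, the tree-head signature (nil = certificate-only design).
func accept(pinned ed25519.PublicKey, san, ver string, ts uint64, leaves [][]byte, sig []byte) bool {
	return san == sanName(leaves, ver) &&
		(pinned == nil || ed25519.Verify(pinned, treeHead(ts, leaves), sig))
}
// demo: constructed keys and artifact lines; "evil" is a rogue tree named in a misissued certificate.
func demo() (honest, certOnlyRogue, pinnedRogue bool) {
	key := func(s string) ed25519.PrivateKey { h := sha256.Sum256([]byte(s)); return ed25519.NewKeyFromSeed(h[:]) }
	logKey, rogueKey := key("constructed pinned key"), key("constructed rogue key")
	pinned := logKey.Public().(ed25519.PublicKey)
	good := [][]byte{[]byte("aa11 firefox.tar.bz2"), []byte("bb22 Firefox.dmg"), []byte("cc33 setup.exe")}
	evil := [][]byte{good[0], good[1], []byte("ee99 setup.exe")}
	return accept(pinned, sanName(good, "63-0"), "63-0", 1, good, ed25519.Sign(logKey, treeHead(1, good))),
		accept(nil, sanName(evil, "63-0"), "63-0", 1, evil, nil),
		accept(pinned, sanName(evil, "63-0"), "63-0", 1, evil, ed25519.Sign(rogueKey, treeHead(1, evil)))
}
func main() { fmt.Println(demo()) }
```

The second result is the gap the description points at: the name check alone cannot tell a tree built by the release process from one built by whoever obtained the certificate.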
Updated•11 months ago
Severity: normal → N/A
Comment 1•11 months ago
As far as I can tell this effort died down some years ago; closing.
Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → INCOMPLETE