Closed Bug 1503352 Opened 6 years ago Closed 11 months ago

generate signed tree heads for the binary transparency information created per release

Categories

(Release Engineering :: Release Automation: Other, enhancement)

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: keeler, Unassigned)

In bug 1342974, we added code that generates binary transparency information per release. However, while that information does include the tree head hash, it doesn't include a signed tree head.

There is an argument to be made that we don't need to verify a signed tree head because the tree head hash will be put into a certificate (in the subject alternative names field as something like "hashhalf1.hashhalf2.version.fx-trans.net") issued by a CA that we can (and should) verify (both for being correctly signed and potentially for being properly disclosed in a CT log). However, having a (few) key(s) that we trust gives us a way to protect against an attacker tricking a CA into issuing a certificate for a domain-name-ified hash of a Merkle tree that they created. (CT doesn't prevent misissuance - it gives us a way to detect it.)

The structure of a signed tree head is in https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-28#section-4.10
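An added example, not part of the bug report and not Mozilla's release automation code: it computes an RFC 6962-style Merkle tree head over a list of leaves, encodes it as a name of the form quoted above, and checks a certificate SAN against it. Assumptions: SHA-256 with the hex digest split into two 32-character labels, version dots replaced by hyphens, and constructed leaf contents. The check binds a certificate only to a given tree; it accepts any tree a CA certifies, which is the gap a signed tree head would close.

```python
import hashlib
import hmac

SUFFIX = "fx-trans.net"  # suffix as written in the bug report

def merkle_tree_hash(leaves):
    """RFC 6962 Merkle Tree Hash over a list of byte strings."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hashlib.sha256(b"\x00" + leaves[0]).digest()  # leaf prefix
    k = 1
    while k * 2 < n:  # largest power of two strictly less than n
        k *= 2
    left = merkle_tree_hash(leaves[:k])
    right = merkle_tree_hash(leaves[k:])
    return hashlib.sha256(b"\x01" + left + right).digest()   # node prefix

def san_for_tree_head(root, version):
    """Encode a 32-byte tree head as hashhalf1.hashhalf2.version.<SUFFIX>."""
    hexed = root.hex()  # 64 hex chars: one over the 63-character DNS label limit
    label = version.replace(".", "-")  # assumption: keep the version in one label
    return f"{hexed[:32]}.{hexed[32:]}.{label}.{SUFFIX}"

def san_matches(san, root, version):
    """True only if the SAN encodes exactly this tree head and version."""
    expected = san_for_tree_head(root, version)
    return hmac.compare_digest(san.lower().encode(), expected.encode())

# Constructed sample leaves; the real leaf format is not given on this page.
SAMPLE_LEAVES = [b"constructed-artifact-digest-%d" % i for i in range(5)]

def demo():
    root = merkle_tree_hash(SAMPLE_LEAVES)
    san = san_for_tree_head(root, "63.0")
    other = merkle_tree_hash(SAMPLE_LEAVES[:4] + [b"different-build"])
    # Same SAN checked against the released tree, then against a different tree.
    return san, san_matches(san, root, "63.0"), san_matches(san, other, "63.0")

if __name__ == "__main__":
    print(demo())
```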

Severity: normal → N/A

As far as I can tell this effort died down some years ago; closing.

Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → INCOMPLETE