Open
Bug 1540642
Opened 5 years ago
Updated 2 years ago
Verifying multiple signatures for the same x5u is not efficient
Categories
(Core :: Security: PSM, enhancement, P3)
Core
Security: PSM
Tracking
()
NEW
People
(Reporter: leplatrem, Unassigned)
References
Details
(Whiteboard: [psm-backlog])
As noted by Gijs, when verifying signatures on several objects (like we do here), it seems like we re-parse the cert chain for every item (from response to string to internal cert object).
To help here, there could be another API endpoint that would take a list of signatures to be verified against the same cert chain and signer.
Note: This wouldn't fit the needs of other use-cases where the subsequent verifications don't happen in the same place (eg remote settings). Caching the certs structs in memory could be an option, if it makes sense.
Now that bug 1541942 has landed, this is a lot more straightforward to do (although fixing bug 1534600 would have a much larger impact on performance).
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•