Open Bug 1540642 Opened 5 years ago Updated 2 years ago

Verifying multiple signatures for the same x5u is not efficient

Categories

(Core :: Security: PSM, enhancement, P3)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

People

(Reporter: leplatrem, Unassigned)

References

Details

(Whiteboard: [psm-backlog])

As noted by Gijs, when verifying signatures on several objects (like we do here), it seems like we re-parse the cert chain for every item (from response to string to internal cert object).

To help here, there could be another API endpoint that would take a list of signatures to be verified against the same cert chain and signer.

Note: This wouldn't fit the needs of other use-cases where the subsequent verifications don't happen in the same place (eg remote settings). Caching the certs structs in memory could be an option, if it makes sense.

Now that bug 1541942 has landed, this is a lot more straightforward to do (although fixing bug 1534600 would have a much larger impact on performance).

Depends on: 1541942
Priority: -- → P3
Whiteboard: [psm-backlog]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.