blob: f70857a3ee20b689ca71f7377833a1b639f8c839 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
The following are unclear to me.
- Following up on validating AS numbers for certificates. The
specification is not clear on what happens with empty AS extensions in
a chain of certificates. Do we consider that inheritence? If so,
what's the point of having an inheritence clause?
- I get that ASid 0 has special meaning for ROAs (see RFC 6483 sec 4),
but it doesn't make sense that some top-level certificates (e.g.,
Afrinic) have a range inclusive of zero, since it's reserved. In this
system, I let the range through but don't let a specific ASid of 0 in
certificates---only ROAs.
- VRP duplication. When run as-is, there are duplicate VRPs and
that doesn't seem right. It happens when two ROAs have their validity
period overlap. I need to see if there's a more programmatic way to
check before commiting the routes to output.
- (Not a particular helpful security measure, but...) The validators
should all be run in their own process: the syntax parser should not
be performing the route validation. This is a mechanical step, as all
the logic to do so is in place.
- (**Important**.) Using `X509_STORE` and validating using
`X509_verify_cert` is overkill and costs us the most in performance
because it effectively re-validates the entire chain. Instead, apply
the immediate parent as the "trusted" certificate once it has been
validated.
- (**Important**.) Stipulating `X509_V_FLAG_IGNORE_CRITICAL` might be
dangerous. Which extensions are being ignored should be
double-checked.
|
