New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User can authenticate a Replica (Ingress Reply Validation) #930

Closed

7 tasks

ghost opened this issue Aug 17, 2020 · 2 comments

Closed

7 tasks

User can authenticate a Replica (Ingress Reply Validation) #930

ghost opened this issue Aug 17, 2020 · 2 comments

ghost commented Aug 17, 2020 •

edited by hansl

Loading

Signing Update request with user identity
Ingress messages validated on Replica?
- Validate that we're talking to the "real" IC Registry
- Ask Registry where the Canister lives and get the public key of that SubNet
- Validate signature of Update response from Replica

Rust work: Validate Certification of Update Calls agent-rs#35
JS work: Validate Certification of Update Calls agent-js#22

ghost added this to the Sodium milestone

ghost added the blocked label

Contributor

nomeata commented Aug 31, 2020 •

edited

Loading

Blocked on (at least) https://github.com/dfinity-lab/ic-ref/pull/90

ghost assigned gobengo

ghost changed the title ~~Bi-directional audit of security protocol (user/replica signature validation)~~ [SPLIT THIS] Bi-directional audit of security protocol (user/replica signature validation)

ghost changed the title ~~[SPLIT THIS] Bi-directional audit of security protocol (user/replica signature validation)~~ User can authenticate a Replica (Ingress Reply Validation)

ghost assigned hansl and unassigned gobengo

hansl removed the blocked label

ghost removed this from the Sodium milestone

Contributor

p-shahi commented Feb 16, 2021

p-shahi closed this as completed

dfinity-bot added a commit that referenced this issue


          build: niv advisory-db: update bd8a0f67 -> 86ed5681

4e23c22

## Changelog for advisory-db:
Branch: master
Commits: [rustsec/advisory-db@bd8a0f67...86ed5681](rustsec/advisory-db@bd8a0f6...86ed568)

* [`a7ffa73f`](rustsec/advisory-db@a7ffa73) Add security advisory for evm crate related to memory over-allocation ([RustSec/advisory-db⁠#909](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/909))
* [`26467a96`](rustsec/advisory-db@26467a9) Assigned RUSTSEC-2021-0066 to evm ([RustSec/advisory-db⁠#910](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/910))
* [`7e4cbf61`](rustsec/advisory-db@7e4cbf6) evm-core: fix crate name ([RustSec/advisory-db⁠#911](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/911))
* [`60b9a9e9`](rustsec/advisory-db@60b9a9e) Bump rustsec-admin to v0.4.3 ([RustSec/advisory-db⁠#919](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/919))
* [`c8a2c774`](rustsec/advisory-db@c8a2c77) Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. ([RustSec/advisory-db⁠#918](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/918))
* [`1c038433`](rustsec/advisory-db@1c03843) fixes [RustSec/advisory-db⁠#915](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/915) - remove duplicate word ([RustSec/advisory-db⁠#916](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/916))
* [`256e923a`](rustsec/advisory-db@256e923) Assigned RUSTSEC-2021-0067 to cranelift-codegen ([RustSec/advisory-db⁠#921](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/921))
* [`23334c68`](rustsec/advisory-db@23334c6) Add advisory for iced-x86 soundness bug ([RustSec/advisory-db⁠#914](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/914))
* [`36bf272a`](rustsec/advisory-db@36bf272) iced-x86: fix lint ([RustSec/advisory-db⁠#922](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/922))
* [`a845d0a9`](rustsec/advisory-db@a845d0a) Assigned RUSTSEC-2021-0068 to iced-x86 ([RustSec/advisory-db⁠#923](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/923))
* [`86e2c664`](rustsec/advisory-db@86e2c66) Add lettre smtp vulnerability ([RustSec/advisory-db⁠#924](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/924))
* [`aa04921a`](rustsec/advisory-db@aa04921) Assigned RUSTSEC-2021-0069 to lettre ([RustSec/advisory-db⁠#925](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/925))
* [`3e51834f`](rustsec/advisory-db@3e51834) Make ranges in trust-dns-proto advisory non-overlapping ([RustSec/advisory-db⁠#929](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/929))
* [`40afced5`](rustsec/advisory-db@40afced) Remove range overlaps, fix some range specifications ([RustSec/advisory-db⁠#930](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/930))
* [`46e657b2`](rustsec/advisory-db@46e657b) Add advisory for nalgebra VecStorage/MatrixVec ([RustSec/advisory-db⁠#931](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/931))
* [`9984f61e`](rustsec/advisory-db@9984f61) Assigned RUSTSEC-2021-0070 to nalgebra ([RustSec/advisory-db⁠#932](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/932))
* [`958120be`](rustsec/advisory-db@958120b) Update RUSTSEC-2020-0043.md ([RustSec/advisory-db⁠#934](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/934))
* [`86ed5681`](rustsec/advisory-db@86ed568) Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases ([RustSec/advisory-db⁠#937](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/937))

mergify bot pushed a commit that referenced this issue


          build: niv advisory-db: update bd8a0f67 -> 86ed5681 (#1707)

2e8fe16

## Changelog for advisory-db:
Branch: master
Commits: [rustsec/advisory-db@bd8a0f67...86ed5681](rustsec/advisory-db@bd8a0f6...86ed568)

* [`a7ffa73f`](rustsec/advisory-db@a7ffa73) Add security advisory for evm crate related to memory over-allocation ([RustSec/advisory-db⁠#909](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/909))
* [`26467a96`](rustsec/advisory-db@26467a9) Assigned RUSTSEC-2021-0066 to evm ([RustSec/advisory-db⁠#910](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/910))
* [`7e4cbf61`](rustsec/advisory-db@7e4cbf6) evm-core: fix crate name ([RustSec/advisory-db⁠#911](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/911))
* [`60b9a9e9`](rustsec/advisory-db@60b9a9e) Bump rustsec-admin to v0.4.3 ([RustSec/advisory-db⁠#919](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/919))
* [`c8a2c774`](rustsec/advisory-db@c8a2c77) Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. ([RustSec/advisory-db⁠#918](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/918))
* [`1c038433`](rustsec/advisory-db@1c03843) fixes [RustSec/advisory-db⁠#915](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/915) - remove duplicate word ([RustSec/advisory-db⁠#916](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/916))
* [`256e923a`](rustsec/advisory-db@256e923) Assigned RUSTSEC-2021-0067 to cranelift-codegen ([RustSec/advisory-db⁠#921](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/921))
* [`23334c68`](rustsec/advisory-db@23334c6) Add advisory for iced-x86 soundness bug ([RustSec/advisory-db⁠#914](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/914))
* [`36bf272a`](rustsec/advisory-db@36bf272) iced-x86: fix lint ([RustSec/advisory-db⁠#922](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/922))
* [`a845d0a9`](rustsec/advisory-db@a845d0a) Assigned RUSTSEC-2021-0068 to iced-x86 ([RustSec/advisory-db⁠#923](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/923))
* [`86e2c664`](rustsec/advisory-db@86e2c66) Add lettre smtp vulnerability ([RustSec/advisory-db⁠#924](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/924))
* [`aa04921a`](rustsec/advisory-db@aa04921) Assigned RUSTSEC-2021-0069 to lettre ([RustSec/advisory-db⁠#925](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/925))
* [`3e51834f`](rustsec/advisory-db@3e51834) Make ranges in trust-dns-proto advisory non-overlapping ([RustSec/advisory-db⁠#929](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/929))
* [`40afced5`](rustsec/advisory-db@40afced) Remove range overlaps, fix some range specifications ([RustSec/advisory-db⁠#930](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/930))
* [`46e657b2`](rustsec/advisory-db@46e657b) Add advisory for nalgebra VecStorage/MatrixVec ([RustSec/advisory-db⁠#931](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/931))
* [`9984f61e`](rustsec/advisory-db@9984f61) Assigned RUSTSEC-2021-0070 to nalgebra ([RustSec/advisory-db⁠#932](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/932))
* [`958120be`](rustsec/advisory-db@958120b) Update RUSTSEC-2020-0043.md ([RustSec/advisory-db⁠#934](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/934))
* [`86ed5681`](rustsec/advisory-db@86ed568) Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases ([RustSec/advisory-db⁠#937](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/937))

jwiegley unassigned hansl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment