It's possible to attach arbitrary third-party certifications to an already-validated OpenPGP certificate that is published on hkps://keys.mailvelope.com simply by uploading the augmented certificate to the "Manage Keys" web form. Some OpenPGP keyserver clients will reject too-large certificates when fetched from a keyserver.
This means that an anonymous user can attach garbage to an OpenPGP certificate, potentially bloating it in size beyond what clients will accept. If there is a limit to the quantity of third party certifications attachable to any given certificate, then the anonymous user can fill that limit, obstructing anyone else from attaching certifications.
This is a similar attack to one of the attacks that have been mounted against certificates hosted by the SKS keyserver network.
To fix the problem robustly, you'll either need to stop accepting third-party certifications entirely, or figure out some authorization scheme about which third-party certifications are acceptable for any given certificate. I'm happy to demonstrate the attack for any of the Mailvelope developers privately, and to talk over the options for mitigation of the issue.
sorry to be the bearer of bad news!
One possible mitigation is to only accept first-party attested third-party certifications. (i wrote the linked draft after some discussion with other interested folks earlier today -- feel free to suggest improvements if you think it's off-base)
(2019-04-15: edited to update the link to the latest draft)
Flooding attack mitigation is now implemented with e419922
Added the following section to the README:
Abuse resistant key server
The key server implements mechanisms described in the draft Abuse-Resistant OpenPGP Keystores to mitigate various attacks related to flooding the key server with bogus keys or certificates. The filtering of keys can be customized with environment variables.
In detail, the following key components are filtered out:
user attribute packets
third-party certificates
certificates exceeding 8383 bytes
certificates that cannot be verified with primary key
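The README list above describes the filtering only in prose. The following is an added illustration, not the Mailvelope keyserver's own code: a minimal RFC 4880 packet parser that splits a binary certificate into packets, drops user attribute packets (tag 17), drops every signature whose issuer key ID is not the primary key's own (i.e. third-party or anonymous certifications), re-serializes the remainder and rejects the result if it exceeds 8383 bytes. The sample certificate, the third-party key ID and the signature skeletons are constructed for the example and carry no real cryptography; a real keyserver would additionally verify the remaining self-signatures with the primary key, which this example deliberately leaves out (issuer-ID matching is a simplification, not the README's verification step).

```python
"""Constructed example of abuse-resistant certificate filtering (not Mailvelope code)."""
import hashlib
import struct

TAG_SIGNATURE, TAG_PUBKEY, TAG_USERID, TAG_USERATTR = 2, 6, 13, 17
SUBPKT_ISSUER, SUBPKT_ISSUER_FPR = 16, 33   # RFC 4880 5.2.3.5 / RFC 4880bis issuer fingerprint
MAX_CERT_BYTES = 8383                        # size limit quoted in the README excerpt


def _read_new_length(buf, pos):
    """Decode a new-format packet or subpacket length; return (length, next_pos)."""
    b1 = buf[pos]
    if b1 < 192:
        return b1, pos + 1
    if b1 < 224:
        return ((b1 - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if b1 == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are not supported")


def parse_packets(data):
    """Split a binary OpenPGP message into (tag, body) pairs (RFC 4880 section 4.2)."""
    pos, packets = 0, []
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("invalid packet header at offset %d" % pos)
        if hdr & 0x40:                                   # new-format header
            tag = hdr & 0x3F
            length, pos = _read_new_length(data, pos + 1)
        else:                                            # old-format header
            tag, width = (hdr >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(hdr & 0x03)
            if width is None:
                raise ValueError("indeterminate old-format length unsupported")
            length = int.from_bytes(data[pos + 1:pos + 1 + width], "big")
            pos += 1 + width
        packets.append((tag, data[pos:pos + length]))
        pos += length
    return packets


def encode_packet(tag, body):
    """Serialize a packet with a new-format header."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def key_id_of_v4_key(body):
    """Key ID = low 64 bits of SHA-1(0x99 || 2-byte length || key packet body)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()[-8:]


def signature_issuer(body):
    """Return the issuer key ID claimed by a v4 signature's subpackets, or None."""
    if body[0] != 4:
        return None
    pos = 4                                              # skip version, type, pk algo, hash algo
    for _ in range(2):                                   # hashed area, then unhashed area
        end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
        p = pos + 2
        while p < end:
            sp_len, p = _read_new_length(body, p)        # length covers type byte + data
            sp_type, sp_data = body[p] & 0x7F, body[p + 1:p + sp_len]
            if sp_type == SUBPKT_ISSUER and len(sp_data) == 8:
                return sp_data
            if sp_type == SUBPKT_ISSUER_FPR and len(sp_data) >= 9:
                return sp_data[-8:]
            p += sp_len
        pos = end
    return None


def filter_certificate(data, max_bytes=MAX_CERT_BYTES):
    """Keep only components the primary key itself vouches for; enforce a size cap."""
    packets = parse_packets(data)
    if not packets or packets[0][0] != TAG_PUBKEY:
        raise ValueError("certificate must start with a primary public key packet")
    primary_id = key_id_of_v4_key(packets[0][1])
    kept = [(t, b) for t, b in packets
            if t != TAG_USERATTR                                          # drop user attributes
            and not (t == TAG_SIGNATURE and signature_issuer(b) != primary_id)]  # drop 3rd-party certs
    out = b"".join(encode_packet(t, b) for t, b in kept)
    if len(out) > max_bytes:
        raise ValueError("certificate exceeds %d bytes" % max_bytes)
    return out


def packet_tags(data):
    """Convenience: the sequence of packet tags in a certificate."""
    return [tag for tag, _ in parse_packets(data)]


# --- constructed sample input (no real key material or signatures) ---
def _fake_signature(issuer_id):
    """Structurally valid v4 signature skeleton with an issuer subpacket; not verifiable."""
    issuer_sp = bytes([9, SUBPKT_ISSUER]) + issuer_id               # subpacket length 9 = type + 8
    return (bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(issuer_sp)) + issuer_sp
            + b"\x00\x00" + b"\x00\x00" + b"\x00\x08\x80")          # no unhashed area, left16, MPI

PRIMARY_KEY_BODY = (bytes([4]) + struct.pack(">I", 1555286400) + bytes([1])   # v4, time, RSA
                    + b"\x00\x0a\x02\xab" + b"\x00\x11\x01\x00\x01")          # toy MPIs n, e
PRIMARY_ID = key_id_of_v4_key(PRIMARY_KEY_BODY)
STRANGER_ID = bytes.fromhex("0123456789abcdef")                     # constructed third-party key ID
SAMPLE_CERT = b"".join([
    encode_packet(TAG_PUBKEY, PRIMARY_KEY_BODY),
    encode_packet(TAG_USERID, b"Alice <alice@example.org>"),
    encode_packet(TAG_SIGNATURE, _fake_signature(PRIMARY_ID)),       # self-signature: kept
    encode_packet(TAG_SIGNATURE, _fake_signature(STRANGER_ID)),      # third-party cert: dropped
    encode_packet(TAG_USERATTR, b"\x00" * 64),                       # user attribute: dropped
])

if __name__ == "__main__":
    print("before:", packet_tags(SAMPLE_CERT))                       # [6, 13, 2, 2, 17]
    print("after: ", packet_tags(filter_certificate(SAMPLE_CERT)))   # [6, 13, 2]
```

Because the filter runs before the size check, a flooded upload that carries hundreds of third-party certifications collapses back to the self-certified packets and is stored, while a certificate that is still over the limit after filtering is rejected outright.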