Do CA checks to verify authentication by default #81
This is a follow-up to b665b28. An attacker that is able to log in to a token could bypass authentication by using their own certificate with any valid signature. This change makes the default "ca, signature", with "no_ca" being the only way to disable the CA check. This, however, also makes the "none" option disable only the CRL and OCSP checks. Resolves OpenSC#80
Updated the commit with the suggestions, and made an attempt to update the documentation, too.
Co-authored-by: Jakub Jelen <[email protected]>
Not sure why the CI fails though.
@frankmorgner , what do you think about the proposed change? You were the starter! :-) IMHO, the change seems to be logical. However, if applied, the
Looks good to me.
I personally would change the explanation of the "none" setting (in manual and example configuration) to something like:
# "none" included for legacy reasons, is equivalent to "ca,signature"
This legacy option should then be moved to the bottom of the lists
I just realized that the code already has support for
Wow, I like the idea.
This change allows configuration.policy.ocsp_policy=OCSP_NONE and configuration.policy.crl_policy=CRLP_NONE to be set individually by configuration. It also further clarifies the cert_policy="none" option in the documentation.
I have added the Please let me know if you want to add or change anything else.
This is a follow-up to b665b28.
An attacker that is able to log in to a token could bypass authentication by using their own certificate with any valid signature.
This change makes the default "ca, signature", with "no_ca" being the only way to disable the CA check.
This, however, also makes the "none" option disable only the CRL and OCSP checks.
Resolves #80
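To make the policy semantics discussed in this thread concrete, here is an added model (not pam_pkcs11's own parser) of how a cert_policy string resolves before and after this change. The token names "ca", "signature", "no_ca" and "none" come from the discussion; "crl" and "ocsp" are assumed stand-ins for the revocation-enabling tokens, and the legacy variant models only what the description attributes to the old "none" option.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* ca: chain must end at a trusted CA; signature: token proves it holds the key;
 * crl/ocsp: revocation checks. */
typedef struct { bool ca, signature, crl, ocsp; } cert_policy_t;

/* Walk the comma/space separated cert_policy string and flip flags in p.
 * new_semantics selects the behaviour after this change. */
static void apply_policy_tokens(const char *policy, cert_policy_t *p, bool new_semantics) {
    char buf[256], *tok;
    strncpy(buf, policy ? policy : "", sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (tok = strtok(buf, ", \t"); tok; tok = strtok(NULL, ", \t")) {
        if (strcmp(tok, "ca") == 0)             p->ca = true;
        else if (strcmp(tok, "signature") == 0) p->signature = true;
        else if (strcmp(tok, "crl") == 0)       p->crl = true;   /* assumed token name */
        else if (strcmp(tok, "ocsp") == 0)      p->ocsp = true;  /* assumed token name */
        else if (new_semantics && strcmp(tok, "no_ca") == 0)
            p->ca = false;                      /* the only way to drop the CA check */
        else if (strcmp(tok, "none") == 0) {
            p->crl = p->ocsp = false;           /* after the change: revocation only */
            if (!new_semantics) p->ca = p->signature = false; /* legacy: skip all */
        } else
            fprintf(stderr, "unknown cert_policy token: %s\n", tok);
    }
}

/* After this change: CA and signature checks are on unless "no_ca" is given. */
cert_policy_t resolve_cert_policy(const char *policy) {
    cert_policy_t p = { true, true, false, false };
    apply_policy_tokens(policy, &p, true);
    return p;
}

/* Model of the behaviour the PR description attributes to the old code (not the
 * project's historical source): nothing is checked unless it is listed. */
cert_policy_t resolve_cert_policy_legacy(const char *policy) {
    cert_policy_t p = { false, false, false, false };
    apply_policy_tokens(policy, &p, false);
    return p;
}

/* True only when the chain check that closes the bypass is in force. */
bool ca_check_enforced(cert_policy_t p) { return p.ca && p.signature; }

/* Resolve a policy string and compare it with the expected flags. */
bool policy_matches(const char *policy, bool ca, bool sig, bool crl, bool ocsp) {
    cert_policy_t p = resolve_cert_policy(policy);
    return p.ca == ca && p.signature == sig && p.crl == crl && p.ocsp == ocsp;
}
```

The legacy "signature" case shows why the old default was a problem: the token proves it holds a key, but nothing ties the certificate to a trusted CA.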