Including private gateway certificate in parcels could lead to fingerprinting #27

Open
gnarea opened this issue Jan 7, 2020 · 0 comments

Member

gnarea commented Jan 7, 2020

Including the full certificate chain in a parcel could allow someone to cross-link a private gateway across two or more endpoints served by that gateway.

This represents a privacy issue as it could be used for fingerprinting. It wouldn't be easy, as the attacker would have to have access to 2+ different services used by the end user, but it'd be increasingly likely as Relaynet gains traction.

One solution could be not to include the private gateway certificate in the sender certificate chain of the parcel, which has the negative effect of requiring the public gateway to keep a mapping of (private) endpoints to their corresponding private gateways -- which wouldn't be necessary if you can fully rely on the PKI. On the plus side, fewer certificates in the chain should make most parcels significantly smaller.
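An added illustration, not part of the original issue or of any Relaynet code: a small model of the trade-off described above, showing which certificate fingerprints recur across services when the private gateway certificate travels in the sender chain, and the lookup table the public gateway needs once it is omitted. The certificates are constructed byte strings rather than real X.509, and every function name and the two-certificate chain layout are assumptions.

```python
from __future__ import annotations
import hashlib

# Constructed stand-ins for DER certificates (not real X.509 or Relaynet data).
PRIVATE_GW = b"cert:private-gateway-of-one-user"
ENDPOINT_A = b"cert:endpoint-used-with-service-a"
ENDPOINT_B = b"cert:endpoint-used-with-service-b"

def fp(cert: bytes) -> str:
    """SHA-256 fingerprint of a certificate's bytes."""
    return hashlib.sha256(cert).hexdigest()

def sender_chain(endpoint: bytes, include_private_gw: bool) -> list[bytes]:
    """Hypothetical sender chain carried in a parcel: leaf first, then issuer."""
    return [endpoint, PRIVATE_GW] if include_private_gw else [endpoint]

def observed(include_private_gw: bool) -> dict[str, list[bytes]]:
    """Chains as received by two unrelated services used by the same user."""
    return {
        "service-a": sender_chain(ENDPOINT_A, include_private_gw),
        "service-b": sender_chain(ENDPOINT_B, include_private_gw),
    }

def linkable_fingerprints(chains_by_service: dict[str, list[bytes]]) -> set[str]:
    """Fingerprints present in chains seen by two or more services."""
    seen: dict[str, set[str]] = {}
    for service, chain in chains_by_service.items():
        for cert in chain:
            seen.setdefault(fp(cert), set()).add(service)
    return {f for f, services in seen.items() if len(services) >= 2}

# Cost of the mitigation: state the public gateway must keep itself,
# because the chain no longer says which private gateway issued the endpoint.
ENDPOINT_TO_PRIVATE_GW = {
    fp(ENDPOINT_A): fp(PRIVATE_GW),
    fp(ENDPOINT_B): fp(PRIVATE_GW),
}

def resolve_private_gateway(chain: list[bytes]) -> str:
    """Look up the private gateway from the leaf certificate alone."""
    return ENDPOINT_TO_PRIVATE_GW[fp(chain[0])]

def chain_size(chain: list[bytes]) -> int:
    """Total bytes of certificate material carried in the parcel."""
    return sum(len(cert) for cert in chain)

if __name__ == "__main__":
    print("shared with gateway cert:", linkable_fingerprints(observed(True)))
    print("shared without it:       ", linkable_fingerprints(observed(False)))
```

The mapping stays inside the public gateway, so the linking value is no longer handed to every recipient, at the price of the extra state the issue mentions.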
