|
|
Subscribe / Log in / New account

"Smaller attack surface"?

"Smaller attack surface"?

Posted Aug 14, 2025 10:37 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: "Smaller attack surface"? by Cyberax
Parent article: NGINX adds native support for ACME protocol

Certainly it would be possible for the software case, where the isolation is process isolation or similar rather than potentially separate hardware - still a significant obstacle for most realistic attacks.

Also you could do something like RFC 9345 "Delegated Credentials", there the idea is you get a certificate but the signatures from the certified key are used to delegate a further credential, so maybe you make one delegation every 30 minutes, and the delegated credential is only good for an hour, but clearly a hardware HSM can keep up with that rate even if the web server is using that credential millions of times per second. Stealing a delegated credential that you can use for at most one hour isn't good, but it's extremely time limited, if you have an attack for this in the morning but I fix it at lunch time then everything is fine before closing.

There are practical problems today but nothing which can't be addressed. RFC 9345 points out that clock skew is an issue, a lot of machines will be wrong by exactly one hour due to "Daylight saving" nonsense and others won't have accurate clocks, humans tend to treat 5-10 minutes as acceptable unless they're weird like me. In some applications you don't care - you can guarantee accurate clocks in intended clients, but general web serving won't be one of those.

to post comments

"Smaller attack surface"?

Posted Aug 14, 2025 15:12 UTC (Thu) by smurf (subscriber, #17840) [Link]

> a lot of machines will be wrong by exactly one hour due to "Daylight saving" nonsense

Certificate expiry is using UTC. The same is true (or should be true) for your local clock if the UI's time zone is set correctly.

So the people who fudge with their clocks instead of adjusting the timezone will learn to do this they way they should be doing it. *shrug*

"Smaller attack surface"?

Posted Aug 14, 2025 17:51 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

> Certainly it would be possible for the software case, where the isolation is process isolation or similar rather than potentially separate hardware - still a significant obstacle for most realistic attacks.

Even for software-based HSMs the PKCS interface is not scalable. It's typically implemented with a big lock around the storage, essentially limiting it to a single thread.

> Also you could do something like RFC 9345 "Delegated Credentials", there the idea is you get a certificate but the signatures from the certified key are used to delegate a further credential, so maybe you make one delegation every 30 minutes

Another option is to use constrained intermediary CAs, but neither them, nor delegated credentials are widely supported.

"Smaller attack surface"?

Posted Aug 14, 2025 22:57 UTC (Thu) by alp (subscriber, #136414) [Link]

Yeah, the locking is downright ugly, but for some applications, given the concurrent userbase size, and aggressive enough connection reuse and TLS session tickets, it works out.

"Smaller attack surface"?

Posted Aug 16, 2025 0:04 UTC (Sat) by jdulaney (subscriber, #83672) [Link] (1 responses)

I'll have you know my web server is connected to a GPS disciplined rubidium oscillator

"Smaller attack surface"?

Posted Aug 16, 2025 2:36 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Yours too?!?

(I found an AccuBeat rubidium frequency standard on eBay for cheap and couldn't hold myself back from buying it)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds