Notes for TOFU

Case Duckworth 2020-06-08 10:11:53 -05:00
parent a7232cb9b4
commit 85cfdb99ce
1 changed file with 5 additions and 0 deletions

wip/TOFU.txt Normal file

@ -0,0 +1,5 @@
TOFU
<makeworld> It's basically what Bombadillo does. I store the hash of the raw cert, as well as its expiry date. Then for every request, I pass the cert to a function that tries to load the TOFU entry from storage. If it doesn't exist, then the current cert is saved. If the fingerprints match, everything's good. If they don't match, but the expiry date has passed, then the new cert is saved over top of the old one. Otherwise, something malicious has happened
<makeworld> https://pastebin.com/xMsdE5D0
<makeworld> acdw: That's the overview, and the text of my high level function that handles it
<makeworld> It really wasn't that bad to do
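
Review bot: the closing sentence of the first <makeworld> line ("Otherwise, something malicious has happened") records a diagnosis but not an action. The notes should say what the client does when the fingerprint mismatches and the stored expiry date has not passed (refuse the connection, warn, or let the user override), because a server that legitimately replaces its cert before expiry takes the same branch. Two smaller points in the same line: "the hash of the raw cert" does not name the hash algorithm, and the mismatch-after-expiry branch saves whatever cert is presented, so it is worth stating that trust starts over at that point. The implementation is only referenced through the pastebin URL on the second line; copying the function text into this file would keep the notes usable if the paste disappears.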