Anapaya review

[nicorusti]

Points to be reviewed:

• 5. Security Considerations
• 1.4.2. Substitutes to Certificate Revocation
• ASN.1 Module for new types #28

Links:

• Diff -04 (09.23) / current version

[oncilla]

Note that this is a sensitive TRC update, as the
certificate related to the compromised private key MUST be
replaced with an entirely new certificate (and not just changed).

This is not exactly true. If only the public key changes, and all other parameters are the same, It is a regular update AFAIK.

[oncilla]

A trust reset is only required in the case the number of
compromised keys at the same time is greater or equal than the
TRC's quorum (see Section 3.1.2.2.7).

and a invalid update has been produced and distributed in the network. I think if the compromise is noticed early enough and an Update is issued and distributed in the network, then there is nothing an attacker can do anymore. Nodes in the SCION network store all the TRCs they have seen, and history cannot be rewriten.

[nicorusti]

Right, I had a look at the two changes and I agree with you. I added your changes in #46 , let me know if this is clear enough.

Are you done with reviewing the draft?

We also have #28 , I'm looking for some ASN.1 experts to have a look :) Would you mind having a look?