#29 "evil twin" certificates can invalidate valid objects

Status: closed
Owner: None
Labels: Bug Report
Updated: 2015-11-25
Created: 2015-11-10
Private: No

RPKI objects can have multiple parents in a few cases. This should be supported such that if any path to a trust anchor is valid, the object is considered valid.

In an "evil twin" attack, a malicious CA tweaks, re-signs, and publishes another CA's certificate. The re-signed copy appears to be a parent of the victim CA's children: the issuer, AKI, etc. in the victim CA's children match the subject, SKI, etc. of the re-signed CA cert. However, one or both of the following will be true of the re-signed copy if it is an "evil twin" CA certificate:

  • the evil twin certificate is invalid (e.g., it claims RFC3779 resources that are not held by the malicious CA that signed it), or
  • the victim CA's children appear to be invalid when checked against the evil twin (e.g., because the children use resources outside the modified resources in the evil twin).

If a relying party only attempts to validate the victim CA's children via the evil twin, the RP will incorrectly consider the children to be invalid.

Certain circumstances can cause RPSTIR to only attempt to validate an object via an evil twin, which makes it possible for an attacker to effectively invalidate another party's objects.
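The following toy model illustrates the report's point. It is an added example, not RPSTIR code: certificates are plain records (subject/SKI, issuer/AKI, the key that produced the signature, and RFC 3779 IP resources), names like `TA`, `VictimCA`, `MaliciousCA` and the prefixes are constructed, and "signature verification" is reduced to comparing the signing key with the parent's SKI (an evil twin certifies the same public key as the genuine certificate, so the victim's children verify under both). The store lists the twins before the genuine certificate to model a relying party that only tries the first matching parent; `is_valid(..., try_all_parents=True)` implements the rule the ticket asks for, accepting an object when any path to a trust anchor validates.

```python
"""Toy RPKI path validation with multiple candidate parents (added example)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Cert:
    name: str         # label used only by this toy store (not an X.509 field)
    subject: str
    ski: str          # identifies the certified public key
    issuer: str
    aki: str          # identifies the issuer's key
    signed_with: str  # key that produced the signature (stands in for signature verification)
    resources: tuple  # RFC 3779 IP resources as ipaddress networks


def parse_resources(*prefixes):
    return tuple(ipaddress.ip_network(p) for p in prefixes)


def resources_covered(child, parent):
    """Every child prefix must lie within some parent prefix of the same IP version."""
    return all(
        any(c.version == p.version and c.subnet_of(p) for p in parent.resources)
        for c in child.resources
    )


def candidate_parents(cert, store):
    """Certificates whose subject/SKI match the child's issuer/AKI (name and key chaining)."""
    return [p for p in store if p.subject == cert.issuer and p.ski == cert.aki]


def is_valid(cert, store, trust_anchors, try_all_parents, depth=0):
    """Return True if cert chains to a trust anchor.

    try_all_parents=False models a relying party that stops at the first
    candidate parent it finds (the behaviour described in the ticket);
    True accepts the object if any path to a trust anchor validates.
    """
    if cert.name in trust_anchors:
        return True
    if depth > 16:  # guard against loops in a malformed store
        return False
    parents = candidate_parents(cert, store)
    if not try_all_parents:
        parents = parents[:1]
    for parent in parents:
        if (cert.signed_with == parent.ski
                and resources_covered(cert, parent)
                and is_valid(parent, store, trust_anchors, try_all_parents, depth + 1)):
            return True
    return False


# Constructed scenario: one trust anchor, a victim CA, a malicious CA, two evil twins.
TA = Cert("TA", "TA", "k_ta", "TA", "k_ta", "k_ta",
          parse_resources("10.0.0.0/8", "192.0.2.0/24"))
VICTIM = Cert("VictimCA", "VictimCA", "k_victim", "TA", "k_ta", "k_ta",
              parse_resources("10.0.0.0/8"))
MALICIOUS = Cert("MaliciousCA", "MaliciousCA", "k_mal", "TA", "k_ta", "k_ta",
                 parse_resources("192.0.2.0/24"))
# Twin 1 (first bullet in the ticket): same subject/SKI as VictimCA, re-signed by the
# malicious CA, claiming resources the malicious CA does not hold -> the twin is invalid.
TWIN_OVERCLAIM = Cert("TwinOverclaim", "VictimCA", "k_victim", "MaliciousCA", "k_mal", "k_mal",
                      parse_resources("10.0.0.0/8"))
# Twin 2 (second bullet): resources shrunk to what the malicious CA holds -> the twin
# itself validates, but the victim's children fall outside it.
TWIN_SHRUNK = Cert("TwinShrunk", "VictimCA", "k_victim", "MaliciousCA", "k_mal", "k_mal",
                   parse_resources("192.0.2.0/24"))
# A child of VictimCA (e.g. an EE certificate) using the victim's genuine resources.
CHILD = Cert("VictimChild", "VictimChild", "k_child", "VictimCA", "k_victim", "k_victim",
             parse_resources("10.5.0.0/16"))

# Twins listed before the genuine certificate: the first-parent-only RP sees a twin first.
STORE = [TA, TWIN_OVERCLAIM, TWIN_SHRUNK, VICTIM, MALICIOUS, CHILD]
TRUST_ANCHORS = {"TA"}


def overclaiming_twin_valid():
    return is_valid(TWIN_OVERCLAIM, STORE, TRUST_ANCHORS, try_all_parents=True)


def shrunken_twin_valid():
    return is_valid(TWIN_SHRUNK, STORE, TRUST_ANCHORS, try_all_parents=True)


def child_valid_first_parent_only():
    """The flawed strategy: the victim's child is wrongly rejected via the twin."""
    return is_valid(CHILD, STORE, TRUST_ANCHORS, try_all_parents=False)


def child_valid_any_parent():
    """The requested strategy: the child is accepted via its genuine parent."""
    return is_valid(CHILD, STORE, TRUST_ANCHORS, try_all_parents=True)


if __name__ == "__main__":
    print("over-claiming twin valid:", overclaiming_twin_valid())
    print("shrunken twin valid:", shrunken_twin_valid())
    print("child, first parent only:", child_valid_first_parent_only())
    print("child, any parent:", child_valid_any_parent())
```

Note that `child_valid_any_parent` still rejects the twin paths; the fix is not to trust the twin but to keep looking for other candidate parents whose subject and SKI match, so that a third party publishing a re-signed copy of a CA certificate cannot, by itself, turn the victim's children invalid.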

Discussion

  • David Mandelberg

    • status: in-progress --> closed
     
  • David Mandelberg

    Migrated to github.