-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't allow the same private key to be used by more than one configured log #1046
Don't allow the same private key to be used by more than one configured log #1046
Conversation
/gcbrun |
The CI build failure is expected, because the logs configured in ct_integration_test.cfg and ct_lifecycle_test.cfg all share the same keypair. ;-) |
Please post another |
/gcbrun |
/gcbrun |
Another CI build failure: |
Ah, that's a flake - just need to kick it again, hang on... |
Different error this time: |
Hmm, that's unexpected... |
Successful! |
Each log/shard is expected to use a unique keypair. This is stated explicitly in RFC9162, and although not clearly stated in RFC6962 (AFAICT) it is strongly implied. If two logs share the same private key, then cryptographically speaking they should be considered as split views of the same log.
This PR ensures that no two logs in the CTFE configuration use the same private key.
h/t to @AlCutter for suggesting this check.
Checklist