You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In order to verify integrity against (what seems like an increasing number of) supply-chain attacks, it would be beneficial to this project to cryptographically sign and hash files intended for remote use.
There are currently no protections in place, aside from HSTS'd HTTPS (of which requires a visit to the site at least once before, assuming one is even using a caching client), to ensure that the content of the list has not been corrupted in-transit or maliciously altered.
Personal recommendations:
Publish a list of valid key/keys' full fingerprints on multiple channels, optionally with the ASCII-armored public key/keyring itself
This can be satisfied by publishing static versions of the fingerprint/key on publicsuffix.org that is not pulled from https://github.com/publicsuffix/publicsuffix.org (as the site itself is hosted via Google), and the key(s)/fingerprint(s) included somewhere within this (publicsuffix/list) repository (thus requiring two separate compromises to replace the key with an attacker's instead of only one)
Have a vetting process for valid signers and keys
Signatures should not be made from DSA keys, or RSA keys <2048 bits
Allow multiple signers to sign
Sign the public_suffix_list.dat file using ASCII-armored detached signatures of at least SHA512 (if not a SHA3 algorithm) checksumming.
The text was updated successfully, but these errors were encountered:
In order to verify integrity against (what seems like an increasing number of) supply-chain attacks, it would be beneficial to this project to cryptographically sign and hash files intended for remote use.
There are currently no protections in place, aside from HSTS'd HTTPS (of which requires a visit to the site at least once before, assuming one is even using a caching client), to ensure that the content of the list has not been corrupted in-transit or maliciously altered.
Personal recommendations:
publicsuffix.orgthat is not pulled from https://github.com/publicsuffix/publicsuffix.org (as the site itself is hosted via Google), and the key(s)/fingerprint(s) included somewhere within this (publicsuffix/list) repository (thus requiring two separate compromises to replace the key with an attacker's instead of only one)public_suffix_list.datfile using ASCII-armored detached signatures of at least SHA512 (if not a SHA3 algorithm) checksumming.The text was updated successfully, but these errors were encountered: