You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A root certificate can generate certificate for any domain. If some code knows where to look at, it could reuse the root certificate to generate trusted certificate for a domain that you would not expect.
In this scenario code you don't own is executed on your machine. The code would do things more problematic than generating a trusted certificate to fool you somehow... For this reason this issue won't be a priority.
But in case, this is what could be done:
Generate an intermediate certificate from the root certificate
This intermediate certificate would be allowed to generate certificate for a subset of domains
Remove the root certificate from the filesystem
To keep in mind: This module can be used by X project on 1 machine. In other words the intermediate certificate should be allowed to generate certificate for all projects. In this scenario it means project B wants to reuse intermediate CA from project A, in that case we could regen root CA to regen an intermediate CA allowed to generate certificates for both A and B.
The text was updated successfully, but these errors were encountered:
A root certificate can generate certificate for any domain. If some code knows where to look at, it could reuse the root certificate to generate trusted certificate for a domain that you would not expect.
In this scenario code you don't own is executed on your machine. The code would do things more problematic than generating a trusted certificate to fool you somehow... For this reason this issue won't be a priority.
But in case, this is what could be done:
To keep in mind: This module can be used by X project on 1 machine. In other words the intermediate certificate should be allowed to generate certificate for all projects. In this scenario it means project B wants to reuse intermediate CA from project A, in that case we could regen root CA to regen an intermediate CA allowed to generate certificates for both A and B.
The text was updated successfully, but these errors were encountered: