You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The include_federated_domains options merges the trust bundle for the trust domain with the trust bundles from all federated trust domains. This is likely done to be able to comply with the use case of this tool, which is interacting with tools that take in a single CA bundle, but goes against the way SVIDs should be validated. They should only be validated against the trust bundle of the domain that signed them, based on the SPIFFE ID. Doing otherwise can lead to security issues where a trust domain could impersonate any SPIFFE ID from a different trust domain that federates with it.
I imagine this option was useful for someone, but it would be good to explicitly mark it as unsafe in the documentation and possibly through logging, since it really should not be used in production if you have federated trust domains.
The text was updated successfully, but these errors were encountered:
The
include_federated_domainsoptions merges the trust bundle for the trust domain with the trust bundles from all federated trust domains. This is likely done to be able to comply with the use case of this tool, which is interacting with tools that take in a single CA bundle, but goes against the way SVIDs should be validated. They should only be validated against the trust bundle of the domain that signed them, based on the SPIFFE ID. Doing otherwise can lead to security issues where a trust domain could impersonate any SPIFFE ID from a different trust domain that federates with it.I imagine this option was useful for someone, but it would be good to explicitly mark it as unsafe in the documentation and possibly through logging, since it really should not be used in production if you have federated trust domains.
The text was updated successfully, but these errors were encountered: