Skip to content

Fix Nameprep-conforming domain name normalization in rate limit mechanism

The rate limiter maintains a map from registered domain to number of accesses. Currently, the key is normalized only by using strings.ToLower. This means than an attacker could register a single domain with an appropriate _sigsum_v0 TXT record, and construct a large number of aliases which would map to the same record, but be treated as distinct domains by the rate limiter.

Name equivalence in this context is defined by https://www.rfc-editor.org/rfc/rfc3491 and https://www.rfc-editor.org/rfc/rfc3454. Options:

  • Implement normalization based on the specs.

  • Investigate if the net standard library provides some utility to do this normalization.

  • Investigate if we can use stdlib conversion to punycode and back to get normalization in the process. See https://pkg.go.dev/golang.org/x/net/idna