
Commit

Add comment indicating source of signature budget
ctz authored and cpu committed Sep 8, 2023
1 parent f827e02 commit 75322f4
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/verify_cert.rs
Expand Up @@ -243,7 +243,13 @@ impl Budget {

impl Default for Budget {
fn default() -> Self {
Self { signatures: 100 }
Self {
// This limit is taken from the remediation for golang CVE-2018-16875. However,
// note that golang subsequently implemented AKID matching due to this limit
// being hit in real applications (see <https://github.com/spiffe/spire/issues/1004>).
// So this may actually be too aggressive.
signatures: 100,
}
}
}
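Review bot: The new comment records that the 100-signature limit "may actually be too aggressive" but leaves that as a loose end; consider pointing to a tracking issue (or a TODO naming the intended fix, AKID matching as golang adopted) so a future reader of `signatures: 100,` knows whether the concern is open or resolved. The provenance text is useful as written: it makes clear the value was lifted from the golang CVE-2018-16875 remediation rather than chosen for this crate's own workloads, and that golang itself needed a follow-up once the limit was hit in real applications (the spiffe/spire issue linked in the comment).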

