Comments (9)
vladimir-v-diaz
commented on June 11, 2024
An issue with TAP 6 was raised here (it forces parsing of untrusted metadata).
from taps.
JustinCappos
commented on June 11, 2024
So @heartsucker raised a good point. @endophage, what are your thoughts?
from taps.
JustinCappos
commented on June 11, 2024
The other point we need to define is how clients are supposed to deal with metadata of different versions. Are they supposed to only accept exactly the version they were written for? Should they have rules about what to ignore and what to use?
from taps.
endophage
commented on June 11, 2024
Yeah, I don't know how to address the need to parse at least some of the JSON. I don't think putting it in the URL/path is the right solution for two reasons:
- That should be reserved for potential changes to how pathing is performed (i.e. the API to access the TUF files).
- The version should be signed to ensure an attacker can't change the version and for example, set it to an older mode that causes some newer piece of verification to not be performed.
It's an imperfect solution but maybe we can have the spec_version only apply to the signed component and be included in there? Then it can be parsed like the expires, and version fields after signature verification. My instinct is that the signed section will be the location of most spec changes while signatures will see very little iteration.
from taps.
JustinCappos
commented on June 11, 2024
Yes, I tend to agree that a URL / path isn't the right way to handle this.
The version number clearly needs to be protected.
How concerned are we all about the need to parse at least some JSON? I
don't feel this is a deal breaker. Does anyone feel is it adequate to just
make implementers aware of this issue?
…On Fri, Aug 18, 2017 at 4:05 PM, David Lawrence ***@***.***> wrote:
Yeah, I don't know how to address the need to parse at least some of the
JSON. I don't think putting it in the URL/path is the right solution for
two reasons:
1. That should be reserved for potential changes to how pathing is
performed (i.e. the API to access the TUF files).
2. The version should be signed to ensure an attacker can't change the
version and for example, set it to an older mode that causes some newer
piece of verification to not be performed.
It's an imperfect solution but maybe we can have the spec_version only
apply to the signed component and be included in there? Then it can be
parsed like the expires, and version fields after signature verification.
My instinct is that the signed section will be the location of most spec
changes while signatures will see very little iteration.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#35 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA0XD2adguRNWTgMJQT7HeK-lbWFwJStks5sZe5_gaJpZM4NsGRX>
.
from taps.
vladimir-v-diaz
commented on June 11, 2024
I also feel that the "signed" portion of metadata is the best place to store "spec_version." Parsing untrusted JSON/metadata is a separate issue in my opinion, and we should deal with it in a separate TAP/issue. Parsing untrusted data is a problem for all of the other keys in "signed," as well. Perhaps the solution is signing the "signed" portion as it is written to disk/file, or maybe the base64 string is the best option... Nevertheless, we should discuss this issue elsewhere.
Does anyone not agree? May I go ahead and accept TAP 6 if there is no other disagreement?
from taps.
heartsucker
commented on June 11, 2024
How concerned are we all about the need to parse at least some JSON?
This should be fine as the signature verification would happen first, and then we'd check the spec_version field like we check the expires and other fields. I agree with @endophage that the signatures portion is unlikely to see iteration after TAP 9. With that change, each signature object contains the absolute minimum amount of data necessary to check a signature, so it (hopefully) won't change again.
from taps.
JustinCappos
commented on June 11, 2024
Okay, I've proposed a PR to accept this TAP.
Justin
…On Fri, Aug 25, 2017 at 11:46 AM, heartsucker ***@***.***> wrote:
How concerned are we all about the need to parse at least some JSON?
This should be fine as the signature verification would happen first, and
then we'd check the spec_version field like we check the expires and
other fields. I agree with @endophage <https://github.com/endophage> that
the signatures portion is unlikely to see iteration after TAP 9. With
that change, each signature object contains the absolute minimum amount of
data necessary to check a signature, so it (hopefully) won't change again.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#35 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA0XD1Sk3s2jRTDxZvQLumGx8JdXqG-dks5sbuxDgaJpZM4NsGRX>
.
from taps.
vladimir-v-diaz
commented on June 11, 2024
PR has been merged. Closing this issue now that TAP 6 has been accepted!
from taps.
Related Issues (20)
- TAP process (TAP 1) HOT 7
- Allowing TAPs that are licensed with MIT or Apache 2.0? HOT 12
- TAP process: issue with pre-implementation phase visibility
- master branch protection HOT 6
- Discussion of TAP 15: Succinct hash bin delegations HOT 10
- Discussion of TAP 16: Snapshot Merkle trees HOT 3
- Discussion of TAP 12: Improving keyid flexibility HOT 4
- Discussion of TAP 14: Managing TUF Versions HOT 6
- Discussion of TAP 13: User Selection of the Top-Level Target Files Through Mapping Metadata HOT 1
- Discussion of TAP-17: Remove signature wrapper from TUF spec HOT 3
- POUF1 is out of date
- audit logs for root metadata changes
- Should POUF-1 allow whitespace for prettified output? HOT 2
- Define preferred style for wrapping and enforce with linter
- Discussion of Fulcio TAP (TAP 18) HOT 6
- [TAP 8] Should rotate files be listed in snapshot metadata? HOT 1
- Introduce a status for approved/accepted TAPs that are not intended to make it into the core specification
- TAP request: artifact discovery, index files and targets metadata HOT 1
- TAP 19: should discuss privacy HOT 1
- Support for downgrading/revoking a version? HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from taps.