Comments (9)
An issue with TAP 6 was raised here (it forces parsing of untrusted metadata).
from taps.
So @heartsucker raised a good point. @endophage, what are your thoughts?
from taps.
The other point we need to define is how clients are supposed to deal with metadata of different versions. Are they supposed to only accept exactly the version they were written for? Should they have rules about what to ignore and what to use?
from taps.
Yeah, I don't know how to address the need to parse at least some of the JSON. I don't think putting it in the URL/path is the right solution for two reasons:
- That should be reserved for potential changes to how pathing is performed (i.e. the API to access the TUF files).
- The version should be signed to ensure an attacker can't change the version and for example, set it to an older mode that causes some newer piece of verification to not be performed.
It's an imperfect solution but maybe we can have the spec_version
only apply to the signed
component and be included in there? Then it can be parsed like the expires
, and version
fields after signature verification. My instinct is that the signed
section will be the location of most spec changes while signatures
will see very little iteration.
from taps.
from taps.
I also feel that the "signed" portion of metadata is the best place to store "spec_version." Parsing untrusted JSON/metadata is a separate issue in my opinion, and we should deal with it in a separate TAP/issue. Parsing untrusted data is a problem for all of the other keys in "signed," as well. Perhaps the solution is signing the "signed" portion as it is written to disk/file, or maybe the base64 string is the best option... Nevertheless, we should discuss this issue elsewhere.
Does anyone not agree? May I go ahead and accept TAP 6 if there is no other disagreement?
from taps.
How concerned are we all about the need to parse at least some JSON?
This should be fine as the signature verification would happen first, and then we'd check the spec_version
field like we check the expires
and other fields. I agree with @endophage that the signatures
portion is unlikely to see iteration after TAP 9. With that change, each signature object contains the absolute minimum amount of data necessary to check a signature, so it (hopefully) won't change again.
from taps.
from taps.
PR has been merged. Closing this issue now that TAP 6 has been accepted!
from taps.
Related Issues (20)
- TAP process (TAP 1) HOT 7
- Allowing TAPs that are licensed with MIT or Apache 2.0? HOT 12
- TAP process: issue with pre-implementation phase visibility
- master branch protection HOT 6
- Discussion of TAP 15: Succinct hash bin delegations HOT 10
- Discussion of TAP 16: Snapshot Merkle trees HOT 3
- Discussion of TAP 12: Improving keyid flexibility HOT 4
- Discussion of TAP 14: Managing TUF Versions HOT 6
- Discussion of TAP 13: User Selection of the Top-Level Target Files Through Mapping Metadata HOT 1
- Discussion of TAP-17: Remove signature wrapper from TUF spec HOT 3
- POUF1 is out of date
- audit logs for root metadata changes
- Should POUF-1 allow whitespace for prettified output? HOT 2
- Define preferred style for wrapping and enforce with linter
- Discussion of Fulcio TAP (TAP 18) HOT 6
- [TAP 8] Should rotate files be listed in snapshot metadata? HOT 1
- Introduce a status for approved/accepted TAPs that are not intended to make it into the core specification
- TAP request: artifact discovery, index files and targets metadata HOT 1
- TAP 19: should discuss privacy HOT 1
- Support for downgrading/revoking a version? HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from taps.