Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Remove slow retrieval attacks #1156

Closed
wants to merge 1 commit into from
Closed

WIP: Remove slow retrieval attacks #1156

wants to merge 1 commit into from

Conversation

joshuagl
Copy link
Member

Please fill in the fields below to submit a pull request. The more information
that is provided, the better.

Fixes issue #:

Description of the changes being introduced by the pull request:

Slow retrievals have been removed from the specification, update the reference implementation accordingly.

Please verify and check that the pull request fulfills the following
requirements:

  • The code follows the Code Style Guidelines
  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@joshuagl
Remove slow retrieval attacks
a59d9cd 
Signed-off-by: Joshua Lock <jlock@vmware.com>
@joshuagl joshuagl mentioned this pull request Sep 30, 2020
Merged
@joshuagl joshuagl changed the title Remove slow retrieval attacks WIP: Remove slow retrieval attacks Sep 30, 2020
@joshuagl joshuagl mentioned this pull request Oct 15, 2020
Closed
3 tasks
MVrachev added a commit to MVrachev/tuf that referenced this pull request Oct 19, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
54cb2ef 
Slow retrievals have been removed from the specification and
soon it will be removed from the tuf reference implementation
as a whole.
This means that the chances of making this test useful are close
to 0 if not none.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Oct 19, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
7f2d30c 
Slow retrievals have been removed from the specification and
soon it will be removed from the tuf reference implementation
as a whole.
This means that the chances of making this test useful are close
to 0 if not none.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Oct 22, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
37d336b 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Oct 22, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
d57353f 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Oct 28, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
06cd262 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Oct 28, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
d8363d6 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Oct 28, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
9cff280 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Nov 3, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
f3c04cb 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Nov 4, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
304b2ae 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Nov 11, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
e391341 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Nov 13, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
10157c3 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/tuf that referenced this pull request Nov 13, 2020
@MVrachev
Remove test_slow_retrieval expected failure test
592a947 
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.

This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.

The other test (with mode 1) in test_slow_retrieval is not removed.

For reference:
- theupdateframework/specification#111
- theupdateframework#1156

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
@joshuagl
Copy link
Member Author

joshuagl commented Jan 8, 2021

I'm closing this as I don't think it makes sense to remove a feature from the current codebase at this time. Instead, let's plan to not include slow retrieval in the refactor until we have better ideas about how to specify the feature.

@joshuagl joshuagl closed this Jan 8, 2021
@joshuagl joshuagl deleted the joshuagl/slow-retrieval branch January 8, 2021 10:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@joshuagl