-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Client aborts on root key rotation when either the old key set or new key set has an unmet threshold #42
Comments
@trishankkarthik Can you let me know if my interpretation of the spec is correct with these test cases? |
Upstream issue for test cases: advancedtelematic/tuf-test-vectors#38 |
The indicated client behaviour for all these test cases seems correct to me! The root file must be signed by a threshold of keys for both the current and previous versions.
Root must include a threshold of signatures for the previous version so that clients with the previous version of Root can validate it, and clients with access to only the current version must be able to validate it on its own (so it must be signed with a threshold of currently trusted keys). |
@vladimir-v-diaz Great, thanks :D |
@vladimir-v-diaz Wait, follow up actually. To clear up some ambiguity in the spec, it sounds like |
Good point! The specification probably does not clarify that this is not the case. |
Yeah, if that's not clear in the spec, it certainly should be. At a high level, the rules for validating new metadata files come exclusively from already-validated metadata files. We don't care what the new file's threshold is when we're validating that new file. (Caveat: you might additionally expect the new file's signature to be valid per the new file, but this must come only after it is validated per rules from the old, trusted file.) |
Client's should validate new root.json according to the threshold and keys set by its previous version. See @heartsucker comment [here](theupdateframework/rust-tuf#42 (comment))
Client's should validate new root.json according to the threshold and keys set by its previous version. See @heartsucker comment [here](theupdateframework/rust-tuf#42 (comment))
This was partially covered by #32, but I don't think the current test case is good enough.
TODO
Case 1:
1.root.json
has threshold 3 and keys 1, 2, and 32.root.json
has threshold 3 and keys 4, 5, 62.root.json
is signed with 1, 2, 4, 5, 6Case 2:
1.root.json
has threshold 3 and keys 1, 2, and 32.root.json
has threshold 3 and keys 4, 5, 62.root.json
is signed with 1, 2, 3, 5, 6Case 3:
1.root.json
has threshold 3 and keys 1, 2, and 32.root.json
has threshold 3 and keys 1, 2, and 42.root.json
is signed with 1, 2, 3Case 4:
1.root.json
has threshold 3 and keys 1, 2, and 32.root.json
has threshold 3 and keys 1, 2, and 42.root.json
is signed with 1, 2, 4Case 5:
1.root.json
has threshold 3 and keys 1, 2, and 32.root.json
has threshold 2 and keys 3, 4, and 52.root.json
is signed with 1, 2, 3, 4, 5The text was updated successfully, but these errors were encountered: