Skip to content

Commit 0f56aee

Browse files
JustinCapposJustinCappos
authored
Merge pull request #65 from lukpueh/rm-2nd-rollback-check
Remove problematic targets rollback attack check
2 parents 3b744a9 + 2eccb59 commit 0f56aee

File tree

1 file changed

+8
-14
lines changed

1 file changed

+8
-14
lines changed

tuf-spec.md

Lines changed: 8 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1222,42 +1222,36 @@ non-volatile storage as FILENAME.EXT.
12221222
trusted root metadata file. If the new targets metadata file is not signed
12231223
as required, discard it, abort the update cycle, and report the failure.
12241224

1225-
* **4.3**. **Check for a rollback attack.** The version number of the trusted
1226-
targets metadata file, if any, MUST be less than or equal to the version
1227-
number of the new targets metadata file. If the new targets metadata file is
1228-
older than the trusted targets metadata file, discard it, abort the update
1229-
cycle, and report the potential rollback attack.
1230-
1231-
* **4.4**. **Check for a freeze attack.** The latest known time should be
1225+
* **4.3**. **Check for a freeze attack.** The latest known time should be
12321226
lower than the expiration timestamp in the new targets metadata file. If so,
12331227
the new targets metadata file becomes the trusted targets metadata file. If
12341228
the new targets metadata file is expired, discard it, abort the update cycle,
12351229
and report the potential freeze attack.
12361230

1237-
* **4.5**. **Perform a preorder depth-first search for metadata about the
1231+
* **4.4**. **Perform a preorder depth-first search for metadata about the
12381232
desired target, beginning with the top-level targets role.** Note: If
1239-
any metadata requested in steps 4.5.1 - 4.5.2.3 cannot be downloaded nor
1233+
any metadata requested in steps 4.4.1 - 4.4.2.3 cannot be downloaded nor
12401234
validated, end the search and report that the target cannot be found.
12411235

1242-
* **4.5.1**. If this role has been visited before, then skip this role (so
1236+
* **4.4.1**. If this role has been visited before, then skip this role (so
12431237
that cycles in the delegation graph are avoided). Otherwise, if an
12441238
application-specific maximum number of roles have been visited, then go to
12451239
step 5 (so that attackers cannot cause the client to waste excessive
12461240
bandwidth or time). Otherwise, if this role contains metadata about the
12471241
desired target, then go to step 5.
12481242

1249-
* **4.5.2**. Otherwise, recursively search the list of delegations in order
1243+
* **4.4.2**. Otherwise, recursively search the list of delegations in order
12501244
of appearance.
12511245

1252-
* **4.5.2.1**. If the current delegation is a multi-role delegation,
1246+
* **4.4.2.1**. If the current delegation is a multi-role delegation,
12531247
recursively visit each role, and check that each has signed exactly the
12541248
same non-custom metadata (i.e., length and hashes) about the target (or
12551249
the lack of any such metadata).
12561250

1257-
* **4.5.2.2**. If the current delegation is a terminating delegation,
1251+
* **4.4.2.2**. If the current delegation is a terminating delegation,
12581252
then jump to step 5.
12591253

1260-
* **4.5.2.3**. Otherwise, if the current delegation is a non-terminating
1254+
* **4.4.2.3**. Otherwise, if the current delegation is a non-terminating
12611255
delegation, continue processing the next delegation, if any. Stop the
12621256
search, and jump to step 5 as soon as a delegation returns a result.
12631257

0 commit comments

Comments
 (0)