From e3d308d9bc25f01019e09f1f796796fa84f22c6a Mon Sep 17 00:00:00 2001 From: marinamoore Date: Fri, 13 Dec 2019 15:37:44 -0500 Subject: [PATCH 1/3] clarify rotation --- tuf-spec.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tuf-spec.md b/tuf-spec.md index df80b82..ae6be8a 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -214,7 +214,7 @@ repo](https://github.com/theupdateframework/specification/issues). * This version (1.0.0) of the specification adheres to the following TAPS: - - [TAP 3](https://github.com/theupdateframework/taps/blob/master/tap3.md): + - [TAP 3](https://github.com/theupdateframework/taps/blob/master/tap3.md): Multi Role Delegations - [TAP 4](https://github.com/theupdateframework/taps/blob/master/tap4.md): Multiple Repository Consensus on entrusted targets @@ -1116,7 +1116,7 @@ repo](https://github.com/theupdateframework/specification/issues). cycle, report the potential freeze attack. On the next update cycle, begin at step 0 and version N of the root metadata file. - * **1.9**. **If the timestamp and / or snapshot keys have been rotated, then + * **1.9**. **If a threshold of timestamp and / or snapshot keys have been removed, then delete the trusted timestamp and snapshot metadata files.** This is done in order to recover from fast-forward attacks after the repository has been compromised and recovered. A _fast-forward attack_ happens when attackers @@ -1387,7 +1387,7 @@ non-volatile storage as FILENAME.EXT. snapshots are not written by the repository, then the attribute may either be left unspecified or be set to the False value. Otherwise, it must be set to the True value. - + Regardless of whether consistent snapshots are ever used or not, all released versions of root metadata files should always be provided so that outdated clients can update to the latest available root. From ceb0a0ea2d62764ee5cbcec59821876dd34cfc33 Mon Sep 17 00:00:00 2001 From: marinamoore Date: Fri, 13 Dec 2019 15:41:26 -0500 Subject: [PATCH 2/3] whitespace issues --- tuf-spec.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tuf-spec.md b/tuf-spec.md index ae6be8a..a471214 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -214,7 +214,7 @@ repo](https://github.com/theupdateframework/specification/issues). * This version (1.0.0) of the specification adheres to the following TAPS: - - [TAP 3](https://github.com/theupdateframework/taps/blob/master/tap3.md): + - [TAP 3](https://github.com/theupdateframework/taps/blob/master/tap3.md): Multi Role Delegations - [TAP 4](https://github.com/theupdateframework/taps/blob/master/tap4.md): Multiple Repository Consensus on entrusted targets @@ -1387,7 +1387,7 @@ non-volatile storage as FILENAME.EXT. snapshots are not written by the repository, then the attribute may either be left unspecified or be set to the False value. Otherwise, it must be set to the True value. - + Regardless of whether consistent snapshots are ever used or not, all released versions of root metadata files should always be provided so that outdated clients can update to the latest available root. From 22f585562f004e5f6c657d6ecd0760d426c888fd Mon Sep 17 00:00:00 2001 From: marinamoore Date: Wed, 18 Dec 2019 17:45:38 -0500 Subject: [PATCH 3/3] clarify what threshold to use --- tuf-spec.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tuf-spec.md b/tuf-spec.md index a471214..dce8297 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -1116,7 +1116,8 @@ repo](https://github.com/theupdateframework/specification/issues). cycle, report the potential freeze attack. On the next update cycle, begin at step 0 and version N of the root metadata file. - * **1.9**. **If a threshold of timestamp and / or snapshot keys have been removed, then + * **1.9**. **If a threshold of timestamp and / or snapshot keys have been + removed (compared to verion N of the root metadata), then delete the trusted timestamp and snapshot metadata files.** This is done in order to recover from fast-forward attacks after the repository has been compromised and recovered. A _fast-forward attack_ happens when attackers