Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Explain why we check hashes before signatures#142

Merged
mnm678 merged 3 commits intotheupdateframework:mastertheupdateframework/specification:masterfrom
trishankatdatadog:trishankatdatadog/explain-why-check-hashes-firsttrishankatdatadog/specification:trishankatdatadog/explain-why-check-hashes-firstCopy head branch name to clipboard
Sep 7, 2021
Merged

Explain why we check hashes before signatures#142
mnm678 merged 3 commits intotheupdateframework:mastertheupdateframework/specification:masterfrom
trishankatdatadog:trishankatdatadog/explain-why-check-hashes-firsttrishankatdatadog/specification:trishankatdatadog/explain-why-check-hashes-firstCopy head branch name to clipboard

Conversation

@trishankatdatadog
Copy link
Contributor

@trishankatdatadog trishankatdatadog commented Dec 11, 2020

An attempt to fix #138

Does this look good @tedbow?

Signed-off-by: Trishank Karthik Kuppusamy trishank.kuppusamy@datadoghq.com

lukpueh
lukpueh reviewed Dec 11, 2020
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for clarifying this, @trishankatdatadog. I wonder if we can make it more concise.

It is safe to check the hashes before the signatures, because the hashes comes from the timestamp role, which we have already verified in the previous step

feels a bit redundant to

hashes ... listed in the trusted timestamp metadata

Maybe it's enough to just expand what's already there, e.g.

hashes ... listed in the above/previously/already verified and thus trusted timestamp metadata

?

On the other hand, it seems worthwhile to elaborate on the

quick way to reject bad metadata

What about something along the lines of

preliminary integrity check before performing a more expensive signature verification

?

Besides, should this be part of the spec or is it rather a contender for secondary literature (#91)?

@trishankatdatadog
Copy link
Contributor Author

trishankatdatadog commented Dec 11, 2020

Sounds good, I will address your comments. In the meantime, I think we should add this to the spec, because that's where the question came up for php-tuf while implementing, but I'll let @tedbow decide.

@joshuagl
Copy link
Member

joshuagl commented Dec 11, 2020

I agree that the spec is a good place for this, at least until we have the secondary literature. There are other parts of the spec where we explain why things are they way they are, such as the recently introduced fixed update start time.

@trishankatdatadog trishankatdatadog force-pushed the trishankatdatadog/explain-why-check-hashes-first branch from 320ba2f to 8091c5a Compare September 7, 2021 16:06
@trishankatdatadog
explain why we check hashes before signatures
5107517 
Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>

bump version
@trishankatdatadog trishankatdatadog force-pushed the trishankatdatadog/explain-why-check-hashes-first branch from 003b748 to 5107517 Compare September 7, 2021 16:09
@trishankatdatadog
Copy link
Contributor Author

trishankatdatadog commented Sep 7, 2021

@joshuagl @mnm678 PTAL 👀

joshuagl
joshuagl previously approved these changes Sep 7, 2021
View reviewed changes
Copy link
Member

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks Trishank

tuf-spec.md Outdated Show resolved Hide resolved
tuf-spec.md Outdated Show resolved Hide resolved
@trishankatdatadog @joshuagl
Update tuf-spec.md
910ce13 
Co-authored-by: Joshua Lock <jlock@vmware.com>
@trishankatdatadog @joshuagl
Update tuf-spec.md
42d719e 
Co-authored-by: Joshua Lock <jlock@vmware.com>
@mnm678 mnm678 merged commit 2585a4e into theupdateframework:master Sep 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lukpueh lukpueh lukpueh left review comments

@mnm678 mnm678 mnm678 approved these changes

@joshuagl joshuagl joshuagl approved these changes

Assignees

No one assigned

Labels

enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Explain why checking some hashes before signatures is ok?

4 participants

@trishankatdatadog @joshuagl @lukpueh @mnm678
Morty Proxy This is a proxified and sanitized view of the page, visit original site.