Add partial verification to go-tuf? #187
-
I don't see a problem as long as we can conditionally compile it, and I'm sure it'll meet some use cases for the public. Do any of the maintainers have any objections?
-
I'm curious about what partial verification would mean in the context of TUF. In Uptane, the biggest change is that it does not download data from the Image repository, but only from the Director repository. Partial verification ECUs are also able to skip some checks because they are already done by the primary ECU, and I would want to see some equivalent of that for a TUF implementation to skip any step in the verification process.
-
The motivation for partial verification is to support extremely weak
devices that perhaps cannot store ~100KB of information or perform more
than 1-2 public key verifications upon boot. I don't know that we have
that use case for go-tuf users, right?
On Thu, Dec 9, 2021 at 5:13 AM Hossein Siadati wrote:
> I would say we can make the partial verification a flexible API (rather
> than providing a specific definition of what is involved in a partial
> verification). So the caller can order required checks, instead of having a
> regular monolithic check. For example, a user might desire skipping
> timestamp/snapshot or both (already desired to ignore both for Director
> repo in Uptane), or to check root or not. WDYT?
-
Perhaps this belongs under the name Uptane in some way instead...
On Thu, Dec 16, 2021 at 1:46 AM Marina Moore wrote:
> As long as we make it clear to users that partial verification is not a
> substitute for full verification, and should only be used when paired with
> a trusted device doing full verification, I don't have any objections.
-
Partial verification is part of the Uptane specification. This can be implemented easily in go-tuf. I think go-tuf is the best place to put it. What does this community think about adding partial verification to this repo?
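An added example, not go-tuf code and not written by anyone in this thread, of the caller-selected checks discussed above: a weak device performs exactly one public key verification over Director targets metadata, and everything else is opt-in. `Signed`, `Check`, `NoRollback`, `ImageMatches` and `PartialVerify` are hypothetical names, and the JSON metadata layout is a simplified assumption rather than the TUF or Uptane wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Signed is a hypothetical, simplified Director targets payload (not a go-tuf type).
type Signed struct {
	Version int
	Targets map[string]string // target name -> hex SHA-256
}

// Check is one optional step; the caller picks which to run and in what order.
type Check func(*Signed) bool

func NoRollback(lastSeen int) Check {
	return func(s *Signed) bool { return s.Version >= lastSeen }
}
func ImageMatches(name string, image []byte) Check {
	sum := sha256.Sum256(image)
	return func(s *Signed) bool { return s.Targets[name] == hex.EncodeToString(sum[:]) }
}

// PartialVerify always checks the signature first and parses only authenticated bytes.
func PartialVerify(pub ed25519.PublicKey, raw, sig []byte, checks ...Check) (*Signed, error) {
	if !ed25519.Verify(pub, raw, sig) {
		return nil, fmt.Errorf("bad signature")
	}
	s := new(Signed)
	if err := json.Unmarshal(raw, s); err != nil {
		return nil, err
	}
	for i, c := range checks {
		if !c(s) {
			return nil, fmt.Errorf("check %d failed", i)
		}
	}
	return s, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key and metadata
	raw, _ := json.Marshal(Signed{Version: 2})
	_, err := PartialVerify(pub, raw, ed25519.Sign(priv, raw), NoRollback(3))
	fmt.Println(err)
}
```

The signature check is deliberately not one of the skippable `Check` values, so no combination of caller options yields unauthenticated metadata.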