
[TAP 8] Simplify rotate file names #167

Merged: 12 commits, Mar 14, 2024

Conversation

@mnm678 mnm678 commented Jan 27, 2023

Simplify rotate files per the discussion in the related issue.

For extra protection in the event of a key compromise,
this recommends the use of hashes in snapshot, and the
secure storage of previous keys.

Signed-off-by: Marina Moore <[email protected]>
@JustinCappos JustinCappos left a comment

Needs some help / clarification in a few places...

hannesm commented Feb 27, 2023

Thanks for this proposal. This indeed simplifies the proposal a lot.

Now, thinking about "why did we use a hash initially", as far as I remember:

  • consider a setup where something is delegated to a team (i.e. a quorum of 2 from alice, bob, carla)
  • how can this team modify its validity? (i.e. "we want a quorum of 3 from alice, bob, carla, doreen")

Would this still be possible with this simplification? From my memory, the reason to use a hash of the validity expression came from the observation that there's no distinct file for a delegation.

But I've neither followed up closely with TUF development, nor am I certain that the scenario described above is worth considering in your use cases. For me, there is the question "who is part of a team?" and "where are signatures put?" -- and I want to minimize the amount of files that have the requirement to have multiple signatures (since that means the file has to be passed to multiple entities before being put (and being valid) into the repository).

mnm678 commented Feb 27, 2023

> Would this still be possible with this simplification? From my memory, the reason to use a hash of the validity expression came from the observation that there's no distinct file for a delegation.

Yes, the team could create a rotate file for the role with the next version number (so 1 to start). The goal here is to replicate the file name uniqueness from the hash with a version number. The rotate files are still signed with the previously trusted set of keys, and so only the existing team can create a valid rotate file.
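As an added illustration (not code from the TAP or from the TUF project), the following models the check mnm678 describes: a client walks version-numbered rotate files for a role, and each file only counts if a threshold of the keys trusted just before it signed it. It plays through hannesm's scenario, a 2-of-{alice, bob, carla} team rotating to 3-of-{alice, bob, carla, doreen}, and then shows a single compromised key failing to rotate further. Assumptions, which are mine and not the TAP's: rotate files are named `<role>.rotate.<N>`, the JSON layout is illustrative, the snapshot records a hash per rotate file as the PR description recommends, and Lamport one-time signatures (standard library only) stand in for the Ed25519/ECDSA/RSA schemes a real TUF client would use.

```python
"""Model of TAP 8 key rotation via version-numbered rotate files (added example).

Assumptions (not the TAP's spec): names "<role>.rotate.<N>", N = 1, 2, ...;
illustrative JSON layout; Lamport one-time signatures as a stand-in scheme.
"""
import hashlib
import json
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signatures: stdlib-only asymmetric stand-in -----------
def lamport_keygen():
    """Secret key: 256 pairs of random preimages; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = b"".join(sha256(a) + sha256(b) for a, b in sk)
    return sk, pk


def lamport_sign(sk, msg: bytes) -> bytes:
    digest = int.from_bytes(sha256(msg), "big")
    return b"".join(sk[i][(digest >> (255 - i)) & 1] for i in range(256))


def lamport_verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    digest = int.from_bytes(sha256(msg), "big")
    for i in range(256):
        bit = (digest >> (255 - i)) & 1
        if sha256(sig[32 * i:32 * i + 32]) != pk[64 * i + 32 * bit:64 * i + 32 * bit + 32]:
            return False
    return True


# --- rotate files -------------------------------------------------------------
def keyid(pk: bytes) -> str:
    return sha256(pk).hex()[:16]


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_rotate_file(role, version, new_pubkeys, new_threshold, signers):
    """The NEW keys/threshold, signed by holders of the CURRENT keys."""
    signed = {"role": role, "version": version, "threshold": new_threshold,
              "keys": {keyid(pk): pk.hex() for pk in new_pubkeys}}
    msg = canonical(signed)
    return {"signed": signed,
            "signatures": {keyid(pk): lamport_sign(sk, msg).hex() for sk, pk in signers}}


def count_valid_signatures(rotate_file, trusted: dict) -> int:
    """Distinct trusted keys with a valid signature; unknown keyids count for nothing."""
    msg = canonical(rotate_file["signed"])
    return sum(1 for kid, sig in rotate_file["signatures"].items()
               if kid in trusted and lamport_verify(trusted[kid], msg, bytes.fromhex(sig)))


def resolve_role_keys(role, initial_keys, initial_threshold, repo, snapshot):
    """Walk <role>.rotate.1, .2, ... from the delegated keys to the current set.

    Each file must match the hash snapshot records for it and carry a threshold
    of valid signatures from the keys trusted just before it, so only the
    existing key holders can produce an accepted rotation.
    """
    keys, threshold = dict(initial_keys), initial_threshold
    version = 1
    while (name := f"{role}.rotate.{version}") in repo:
        rf = repo[name]
        if snapshot.get(name) != sha256(canonical(rf)).hex():
            raise ValueError(f"{name}: hash does not match snapshot")
        s = rf["signed"]
        if s["role"] != role or s["version"] != version:
            raise ValueError(f"{name}: role/version mismatch")
        if count_valid_signatures(rf, keys) < threshold:
            raise ValueError(f"{name}: below threshold {threshold} of trusted keys")
        keys = {kid: bytes.fromhex(pk) for kid, pk in s["keys"].items()}
        threshold = s["threshold"]
        version += 1
    return keys, threshold


def demo():
    """Constructed scenario: 2-of-{alice,bob,carla} becomes 3-of-{alice,bob,carla,doreen}."""
    alice, bob, carla, doreen, mallory = [lamport_keygen() for _ in range(5)]
    initial = {keyid(pk): pk for _, pk in (alice, bob, carla)}
    repo, snapshot = {}, {}

    def publish(name, rf):
        repo[name] = rf
        snapshot[name] = sha256(canonical(rf)).hex()

    # Legitimate rotation: alice and bob sign, meeting the current 2-of-3.
    publish("team.rotate.1", make_rotate_file(
        "team", 1, [pk for _, pk in (alice, bob, carla, doreen)], 3, [alice, bob]))
    keys, threshold = resolve_role_keys("team", initial, 2, repo, snapshot)

    # Attack: carla's compromised key plus mallory's untrusted key cannot meet 3-of-4.
    publish("team.rotate.2", make_rotate_file("team", 2, [mallory[1]], 1, [carla, mallory]))
    try:
        resolve_role_keys("team", initial, 2, repo, snapshot)
        rejected = False
    except ValueError:
        rejected = True
    return {"threshold": threshold, "keyids": set(keys),
            "doreen": keyid(doreen[1]), "rotate2_rejected": rejected}
```

Two points the model makes concrete: the version number gives each rotate file a unique name, and the hash recorded in snapshot stops an attacker from substituting a different file under that name; the threshold check against the previously trusted set is what confines rotation to the existing team. Because Lamport keys are one-time, each key signs exactly one file in the demo; a real deployment would use a reusable scheme.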

Signed-off-by: Marina Moore <[email protected]>
JustinCappos
JustinCappos previously approved these changes Jan 17, 2024
This change ensures that if two parties delegate to the same role,
there won't be a state where the two delegations have different keys,
and the rotations only apply to one of these. It also simplifies finding
rotate files after a delegation change

Signed-off-by: Marina Moore <[email protected]>
JustinCappos
JustinCappos previously approved these changes Mar 7, 2024
joshuagl
joshuagl previously approved these changes Mar 14, 2024
@joshuagl joshuagl left a comment

I really like the simplification here, nice. I made one minor suggestion to clarify rotate file names, otherwise this looks great.

Co-authored-by: Joshua Lock <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
@mnm678 mnm678 dismissed stale reviews from joshuagl and JustinCappos via 1702321 March 14, 2024 13:34
@JustinCappos JustinCappos left a comment

This set of changes LGTM. Other PRs need to merge before this TAP can move forward.

@mnm678 mnm678 merged commit d405b79 into theupdateframework:master Mar 14, 2024
5 participants