[TAP 8] Simplify rotate file names#167

Merged: mnm678 merged 12 commits into theupdateframework:master from mnm678:tap8-simplification, Mar 14, 2024
Conversation

@mnm678 (Contributor) commented Jan 27, 2023

Simplify rotate files per the discussion in the related issue.

Signed-off-by: Marina Moore <mnm678@gmail.com>
For extra protection in the event of a key compromise,
this recommends the use of hashes in snapshot, and the
secure storage of previous keys.

Signed-off-by: Marina Moore <mnm678@gmail.com>
@JustinCappos (Member) left a comment

Needs some help / clarification in a few places...

@hannesm (Contributor) commented Feb 27, 2023

Thanks for this proposal. This indeed simplifies the proposal a lot.

Now, thinking about "why did we use a hash initially", as far as I remember:

  • consider a setup where something is delegated to a team (i.e. a quorum of 2 from alice, bob, carla)
  • how can this team modify its validity? (i.e. "we want a quorum of 3 from alice, bob, carla, doreen")

Would this still be possible with this simplification? From my memory, the reason to use a hash of the validity expression came from the observation that there's no distinct file for a delegation.

But I've neither followed up closely with TUF development, nor am I certain that the scenario described above is worth considering in your use cases. For me, there is the question "who is part of a team?" and "where are signatures put?" -- and I want to minimize the amount of files that have the requirement to have multiple signatures (since that means the file has to be passed to multiple entities before being put (and being valid) into the repository).

@mnm678 (Contributor, Author) commented Feb 27, 2023

> Would this still be possible with this simplification? From my memory, the reason to use a hash of the validity expression came from the observation that there's no distinct file for a delegation.

Yes, the team could create a rotate file for the role with the next version number (so 1 to start). The goal here is to replicate the file name uniqueness from the hash with a version number. The rotate files are still signed with the previously trusted set of keys, and so only the existing team can create a valid rotate file.
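The chain-walk described in this reply, written out as an added example (not TAP 8 reference code, not from the TUF project): a client applies a role's rotate files in version order, and each file must carry a threshold of signatures from the keyset trusted before it. The `<role>.<n>.rotate` naming, the JSON layout and the HMAC stand-in for real asymmetric signatures are assumptions made so the block runs offline; the team in the sample is the 2-of-3 (alice, bob, carla) growing to 3-of-4 with doreen from the scenario above.

```python
import hashlib
import hmac
import json

# Constructed demo secrets. HMAC stands in for real asymmetric signatures so
# the block runs offline; keyids are derived from key material as in TUF.
SECRETS = {n: f"secret-{n}".encode() for n in ("alice", "bob", "carla", "doreen")}
KEYID = {n: hashlib.sha256(s).hexdigest()[:8] for n, s in SECRETS.items()}
SECRET_BY_KEYID = {KEYID[n]: s for n, s in SECRETS.items()}

def make_rotate(role, version, keys, threshold, signers):
    """Build <role>.<version>.rotate: the new keyset, signed by `signers`."""
    signed = {"role": role, "version": version, "threshold": threshold,
              "keyids": sorted(KEYID[k] for k in keys)}
    payload = json.dumps(signed, sort_keys=True).encode()
    sigs = [{"keyid": KEYID[s], "sig": hmac.new(SECRETS[s], payload, "sha256").hexdigest()}
            for s in signers]
    return {"signed": signed, "signatures": sigs}

def verify(rotate, trusted):
    """True if at least trusted['threshold'] distinct trusted keys signed."""
    payload = json.dumps(rotate["signed"], sort_keys=True).encode()
    good = set()
    for s in rotate["signatures"]:
        if s["keyid"] not in trusted["keyids"]:   # keys not yet trusted do not count
            continue
        want = hmac.new(SECRET_BY_KEYID[s["keyid"]], payload, "sha256").hexdigest()
        if hmac.compare_digest(want, s["sig"]):
            good.add(s["keyid"])
    return len(good) >= trusted["threshold"]

def resolve_keys(role, delegation, rotate_files):
    """Apply <role>.1.rotate, <role>.2.rotate, ... in order. Each must be signed
    by the keyset trusted *before* it, so only the current team can rotate.
    Returns the keyset a client should trust for `role` now."""
    trusted = {"keyids": set(delegation["keyids"]), "threshold": delegation["threshold"]}
    version = 1
    while (name := f"{role}.{version}.rotate") in rotate_files:
        rotate, s = rotate_files[name], rotate_files[name]["signed"]
        if s["role"] != role or s["version"] != version or not verify(rotate, trusted):
            raise ValueError(f"rejected {name}: bad role/version or too few valid signatures")
        trusted = {"keyids": set(s["keyids"]), "threshold": s["threshold"]}
        version += 1
    return trusted

# Constructed scenario: a 2-of-3 team (alice, bob, carla) grows to 3-of-4 with doreen.
DELEGATION = {"keyids": {KEYID["alice"], KEYID["bob"], KEYID["carla"]}, "threshold": 2}
ROTATE_1 = make_rotate("team", 1, ["alice", "bob", "carla", "doreen"], 3, ["alice", "bob"])
# Signed by alice and doreen only: two signatures, but the trusted threshold is now 3.
ROTATE_2_BAD = make_rotate("team", 2, ["doreen"], 1, ["alice", "doreen"])
```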

@mnm678 mnm678 requested a review from JustinCappos January 16, 2024 19:08
JustinCappos previously approved these changes Jan 17, 2024
This change ensures that if two parties delegate to the same role,
there won't be a state where the two delegations have different keys,
and the rotations only apply to one of these. It also simplifies finding
rotate files after a delegation change.

Signed-off-by: Marina Moore <mnm678@gmail.com>
JustinCappos previously approved these changes Mar 7, 2024
joshuagl previously approved these changes Mar 14, 2024

@joshuagl (Member) left a comment

I really like the simplification here, nice. I made one minor suggestion to clarify rotate file names, otherwise this looks great.

Co-authored-by: Joshua Lock <joshuagloe@gmail.com>
Signed-off-by: Marina Moore <mnm678@users.noreply.github.com>
@mnm678 mnm678 dismissed stale reviews from joshuagl and JustinCappos via 1702321 March 14, 2024 13:34
@mnm678 mnm678 requested a review from JustinCappos March 14, 2024 13:34
@JustinCappos (Member) left a comment

This set of changes LGTM. Other PRs need to merge before this TAP can move forward.

@mnm678 mnm678 merged commit d405b79 into theupdateframework:master Mar 14, 2024
5 participants