Skip to content

Tap 20 Acceptance#186

Merged
lukpueh merged 4 commits intotheupdateframework:masterfrom
mnm678:tap20-acceptance
Apr 15, 2024
Merged

Tap 20 Acceptance#186
lukpueh merged 4 commits intotheupdateframework:masterfrom
mnm678:tap20-acceptance

Conversation

@mnm678
Copy link
Contributor

@mnm678 mnm678 commented Mar 26, 2024
edited
Loading

Depends on #187 (accept TAP 8 first)

mnm678 added 2 commits March 25, 2024 15:17
@mnm678
Update TAP 20 and move to accepted
9a411b6 
* update rotate file definitions to match those in TAP 8
* add reference implementation
* minor wording changes

Signed-off-by: Marina Moore <mnm678@gmail.com>
@mnm678
update index to move TAP 20 to accepted
3a3278e 
Signed-off-by: Marina Moore <mnm678@gmail.com>
jkjell
jkjell reviewed Apr 4, 2024
View reviewed changes
Copy link
Contributor

@jkjell jkjell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Just had one question.

jkjell
jkjell previously approved these changes Apr 5, 2024
View reviewed changes
lukpueh
lukpueh reviewed Apr 8, 2024
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This TAP doesn't really mention how it changes the client workflow, apart from "Clients need to check for rotations to a null key,". Is this vagueness intended? Or am I missing something?

Also, I think it uses the term "client" ambiguously.

@mnm678
Clarify the client process
4ce8f1f 
Signed-off-by: Marina Moore <mnm678@gmail.com>
@mnm678
Copy link
Contributor Author

mnm678 commented Apr 9, 2024

This TAP doesn't really mention how it changes the client workflow, apart from "Clients need to check for rotations to a null key,". Is this vagueness intended? Or am I missing something?

Also, I think it uses the term "client" ambiguously.

I pushed some updates that describe the client workflow. This mostly relies on TAP 8 for download of rotate files, and just adds a step of checking for a rotation to null.

"client" is meant to refer to a TUF client. Is there a way I can make this more clear in the text?

@lukpueh
Copy link
Member

lukpueh commented Apr 9, 2024

I pushed some updates that describe the client workflow. This mostly relies on TAP 8 for download of rotate files, and just adds a step of checking for a rotation to null.

In that case, we should accept TAP 8 first before we accept TAP 20. Seems a bit fishy otherwise.

"client" is meant to refer to a TUF client. Is there a way I can make this more clear in the text?

I think in the sentence "If a client wants to rotate to a different key, without having access to their currently delegated private key" client means something else.

@mnm678
fix typo client -> key holder
e3e4a8d 
Signed-off-by: Marina Moore <mnm678@gmail.com>
@mnm678
Copy link
Contributor Author

mnm678 commented Apr 9, 2024

I pushed some updates that describe the client workflow. This mostly relies on TAP 8 for download of rotate files, and just adds a step of checking for a rotation to null.

In that case, we should accept TAP 8 first before we accept TAP 20. Seems a bit fishy otherwise.

Fair enough, I'll update the description so that this pr relies on #187

"client" is meant to refer to a TUF client. Is there a way I can make this more clear in the text?

I think in the sentence "If a client wants to rotate to a different key, without having access to their currently delegated private key" client means something else.

got it, fixed that one

@mnm678 mnm678 requested a review from lukpueh April 15, 2024 13:48
@lukpueh lukpueh merged commit a30461f into theupdateframework:master Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkjell jkjell jkjell approved these changes

@lukpueh lukpueh lukpueh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mnm678 @lukpueh @jkjell