Commit 0bdb99c

Clarify snapshot+targets metadata hash check
Update the client workflow to clarify that snapshot metadata hashes can only be checked if timestamp lists the optional hashes, and, similarly, targets metadata hashes can only be checked if snapshot lists the optional hashes.
1 parent 37c6be8 commit 0bdb99c

1 file changed

+10
-9
lines changed

tuf-spec.md

Lines changed: 10 additions & 9 deletions
@@ -1169,10 +1169,10 @@ the timestamp metadata file. In either case, the client MUST write the file to
11691169
non-volatile storage as FILENAME.EXT.
11701170

11711171
* **3.1**. **Check against timestamp metadata.** The hashes and version
1172-
number of the new snapshot metadata file MUST match the hashes and version
1173-
number listed in timestamp metadata. If hashes and version do not match,
1174-
discard the new snapshot metadata, abort the update cycle, and report the
1175-
failure.
1172+
number of the new snapshot metadata file MUST match the hashes (if any) and
1173+
version number listed in the trusted timestamp metadata. If hashes and
1174+
version do not match, discard the new snapshot metadata, abort the update
1175+
cycle, and report the failure.
11761176

11771177
* **3.2**. **Check signatures.** The new snapshot metadata file MUST have
11781178
been signed by a threshold of keys specified in the trusted root metadata
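
Review bot: In the new 3.1 text the failure sentence still reads "If hashes and version do not match", which is unconditional about hashes and joins the two checks with "and", while the preceding sentence now makes the hash comparison conditional with "(if any)". A reader could take this to mean that both must mismatch before the client aborts, or that a timestamp file listing no hashes is itself a mismatch. Suggest rewording the failure condition so that either mismatch aborts, for example "If the version number, or any hash listed in the trusted timestamp metadata, does not match", so the abort condition lines up with the conditional requirement stated just before it.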
@@ -1217,11 +1217,12 @@ VERSION_NUMBER is the version number of the targets metadata file listed in the
12171217
snapshot metadata file. In either case, the client MUST write the file to
12181218
non-volatile storage as FILENAME.EXT.
12191219

1220-
* **4.1**. **Check against snapshot metadata.** The hashes (if any), and
1221-
version number of the new targets metadata file MUST match the trusted
1222-
snapshot metadata. This is done, in part, to prevent a mix-and-match attack
1223-
by man-in-the-middle attackers. If the new targets metadata file does not
1224-
match, discard it, abort the update cycle, and report the failure.
1220+
* **4.1**. **Check against snapshot metadata.** The hashes and version
1221+
number of the new targets metadata file MUST match the hashes (if any) and
1222+
version number listed in the trusted snapshot metadata. This is done, in
1223+
part, to prevent a mix-and-match attack by man-in-the-middle attackers. If
1224+
the new targets metadata file does not match, discard it, abort the update
1225+
cycle, and report the failure.
12251226

12261227
* **4.2**. **Check for an arbitrary software attack.** The new targets
12271228
metadata file MUST have been signed by a threshold of keys specified in the
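
Review bot: In the new 4.1 text, "MUST match the hashes (if any) and version number listed in the trusted snapshot metadata" leaves the no-hashes case implicit, and the next sentence still credits this check with preventing a mix-and-match attack without saying what the check consists of when snapshot lists no hashes. Suggest adding one explicit sentence stating that when the trusted snapshot metadata lists no hashes for the targets metadata file, only the version number is compared, so implementers do not treat absent hashes as a failure or skip the step altogether. The failure sentence here ("If the new targets metadata file does not match") is phrased differently from the one in 3.1 ("If hashes and version do not match"); aligning the two would keep the parallel steps consistent.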