How do TARGETS interact with delegations? #268
Comments
|
Thanks so much for filing this detailed issue! Apologies for the delayed reply. I really appreciate your suggested improvements, too. I started with your suggestions and am trying to make the language fit the rest of the spec (though` ran into my old frustrations with object terminology, see #175). I'll keep iterating on this in the coming days and open a PR when it's ready for feedback, you can see (but don't feel obliged to look at) my WIP changes in master...joshuagl:specification:joshuagl/targets-delegations |
|
And I'd like to further commend you on the issue. Specification clarifications are definitely something we care about. We will be working to address your concerns. |
|
I have always wanted us to specify the delegations preorder DFS in pseudocode rather than English, which would go a long way to solving this problem |
This issue is asking for the standard to be clearer about how delegations and explicitly listed targets interact. It is possible that with a full understanding of how TUF is intended to work, all of the details are in fact clearly specified in the specification. However as someone without the full picture I have gotten myself thoroughly confused. I will try and document how I have (mis)read things, so that small changes in wording can be merged to make it easier to understand.
As I am profoundly confused, I may be wrong about what I have misunderstood.
When
targets.jsondelegates to roleAwhat is supposed to go intargets.json's"targets"and what is supposed to go in theA.json's"targets"? What happens iftargets.jsonhas a particular file in its"targets"and delegates forAto be responsible for that path, butA.jsondoes not have the file listed?https://theupdateframework.github.io/specification/latest/index.html#targets-obj-targets
I originally misread the statement to suggest that the root
targets.jsonmust list all files available from the registry. Obviously this is not scalable. So I looked at PEP 458 which claims to have solved the scalability problem using Succinct hashed bin delegations (TAP 15). But when reading the specificationpath_hash_prefixeshas to do with delegations not the targets list.So, apparently, delegations have their own target like files. This is actually spelled out further down as:
Once this was pointed out to me I reread specification from the top to try and figure out why I hadn't noticed it the first two times I read the specification. These files were in fact previously mentioned in "3.1.2.1. Metadata files for targets delegation". In previous readings, my brain had gotten focused on "role" in the name of the file and so had assumed these files described the keys and protocols for that role. I now see the error in this. The descriptions of what keys to trust for each role live exclusively in
root.json.Okay one more effort to figure this out on my own. Section 5 must have something about checking the
"targets"list. ... no. The closest is the quote "Verify the desired target against its targets metadata." which leaves a lot of detail out.(cc rust-lang/cargo#10928 (comment) , where I first attempted to describe my confusion.)
Proposed improvements
In "3.1.2.1. Metadata files for targets delegation", add the descriptive sentence from
/targets.EXT. Ending up with a paragraph like:In https://theupdateframework.github.io/specification/latest/index.html#targets-obj-targets and a sentence making it clear that these are files attested to by this role, but other files may be attested to by delegations. Ending up with a paragraph like:
Add precise steps to sections 5.6.7 and 5.7. For example in 5.6.7 in between 5.6.7.1 and 5.6.7.2 "if the file being searched for is in the
"targets"then jump to step § 5.7 Fetch target.". And for 5.7.1 ... I don't know how to say this more clearly.The text was updated successfully, but these errors were encountered: