22
33Last modified: ** 29 September 2020**
44
5- Version: ** 1.0.8 **
5+ Version: ** 1.0.9 **
66
77We strive to make the specification easy to implement, so if you come across
88any inconsistencies or experience any difficulty, do let us know by sending an
@@ -29,7 +29,7 @@ repo](https://github.com/theupdateframework/specification/issues).
2929
3030 The keywords "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," "SHOULD,"
3131 "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in this document are to be
32- interpreted as described in RFC 2119.
32+ interpreted as described in [ RFC 2119] ( https://tools.ietf.org/html/rfc2119 ) .
3333
3434* ** 1.2. Motivation**
3535
@@ -52,9 +52,10 @@ repo](https://github.com/theupdateframework/specification/issues).
5252* ** 1.3. History and credit**
5353
5454 Work on TUF began in late 2009. The core ideas are based off of previous
55- work done by Justin Cappos and Justin Samuel that identified security flaws
56- in all popular Linux package managers. More information and current
57- versions of this document can be found at https://www.updateframework.com/
55+ work done by Justin Cappos and Justin Samuel that [ identified security flaws
56+ in all popular Linux package managers] ( https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf ) .
57+ More information and current versions of this document can be found at
58+ https://theupdateframework.io/
5859
5960 The [ Global Environment for Network Innovations] ( https://www.geni.net/ ) (GENI)
6061 and the [ National Science Foundation] ( https://www.nsf.gov/ ) (NSF) have
@@ -286,10 +287,10 @@ repo](https://github.com/theupdateframework/specification/issues).
286287 + The root role delegates trust to specific keys trusted for all other
287288 top-level roles used in the system.
288289
289- + The client-side of the framework must ship with trusted root keys for each
290+ + The client-side of the framework MUST ship with trusted root keys for each
290291 configured repository.
291292
292- + The root role's private keys must be kept very secure and thus should be
293+ + The root role's private keys MUST be kept very secure and thus should be
293294 kept offline. If less than a threshold of Root keys are compromised, the
294295 repository should revoke trust on the compromised keys. This can be
295296 accomplished with a normal rotation of root keys, covered in section 6.1
@@ -338,7 +339,7 @@ repo](https://github.com/theupdateframework/specification/issues).
338339 whose signature has not yet expired, an automated process periodically signs
339340 a timestamped statement containing the hash of the snapshot file. Even
340341 though this timestamp key must be kept online, the risk posed to clients by
341- compromise of this key is minimal.
342+ the compromise of this key is minimal.
342343
343344 - ** 2.1.5 Mirrors role**
344345
@@ -545,7 +546,7 @@ repo](https://github.com/theupdateframework/specification/issues).
545546 "keyval" : {"public" : PUBLIC}
546547 }
547548
548- where PUBLIC is in PEM format and a string. All RSA keys must be at least
549+ where PUBLIC is in PEM format and a string. All RSA keys MUST be at least
549550 2048 bits.
550551
551552 The 'ed25519' format is:
@@ -624,11 +625,11 @@ repo](https://github.com/theupdateframework/specification/issues).
624625
625626 A ROLE is one of "root", "snapshot", "targets", "timestamp", or "mirrors".
626627 A role for each of "root", "snapshot", "timestamp", and "targets" MUST be
627- specified in the key list. The role of "mirror" is optional . If not
628+ specified in the key list. The role of "mirror" is OPTIONAL . If not
628629 specified, the mirror list will not need to be signed if mirror lists are
629630 being used.
630631
631- The KEYID must be correct for the specified KEY. Clients MUST calculate
632+ The KEYID MUST be correct for the specified KEY. Clients MUST calculate
632633 each KEYID to verify this is correct for the associated key. Clients MUST
633634 ensure that for any KEYID represented in this key list and in other files,
634635 only one unique key has that KEYID.
@@ -974,7 +975,7 @@ repo](https://github.com/theupdateframework/specification/issues).
974975* ** 4.6. File formats: timestamp.json**
975976
976977 The timestamp file is signed by a timestamp key. It indicates the latest
977- version of the snapshot metadata and is frequently resigned to limit the
978+ version of the snapshot metadata and is frequently re-signed to limit the
978979 amount of time a client can be kept unaware of interference with obtaining
979980 updates.
980981
@@ -1079,7 +1080,7 @@ repo](https://github.com/theupdateframework/specification/issues).
10791080 next step.
10801081
10811082 ** 1** . ** Update the root metadata file.**
1082- Since it may now be signed using entirely different keys, the client must
1083+ Since it may now be signed using entirely different keys, the client MUST
10831084 somehow be able to establish a trusted line of continuity to the latest set
10841085 of keys (see Section 6.1). To do so, the client MUST download intermediate
10851086 root metadata files, until the latest available one is reached. Therefore, it
@@ -1098,16 +1099,16 @@ repo](https://github.com/theupdateframework/specification/issues).
10981099 for Y is set by the authors of the application using TUF. For example, Y may
10991100 be 2^10.
11001101
1101- * ** 1.3. Check signatures .** Version N+1 of the root metadata file MUST have
1102- been signed by: (1) a threshold of keys specified in the trusted root
1103- metadata file (version N), and (2) a threshold of keys specified in the new
1104- root metadata file being validated (version N+1). If version N+1 is not
1105- signed as required, discard it, abort the update cycle, and report the
1106- signature failure. On the next update cycle, begin at step 0 and version N
1107- of the root metadata file.
1102+ * ** 1.3. Check for an arbitrary software attack .** Version N+1 of the root
1103+ metadata file MUST have been signed by: (1) a threshold of keys specified in
1104+ the trusted root metadata file (version N), and (2) a threshold of keys
1105+ specified in the new root metadata file being validated (version N+1). If
1106+ version N+1 is not signed as required, discard it, abort the update cycle,
1107+ and report the signature failure. On the next update cycle, begin at step 0
1108+ and version N of the root metadata file.
11081109
11091110 * ** 1.4. Check for a rollback attack.** The version number of the trusted
1110- root metadata file (version N) must be less than or equal to the version
1111+ root metadata file (version N) MUST be less than or equal to the version
11111112 number of the new root metadata file (version N+1). Effectively, this means
11121113 checking that the version number signed in the new root metadata file is
11131114 indeed N+1. If the version of the new root metadata file is less than the
@@ -1126,7 +1127,7 @@ repo](https://github.com/theupdateframework/specification/issues).
11261127
11271128 * ** 1.8** . ** Repeat steps 1.1 to 1.8** .
11281129
1129- * ** 1.9** . ** Check for a freeze attack.** The latest known time should be
1130+ * ** 1.9** . ** Check for a freeze attack.** The latest known time MUST be
11301131 lower than the expiration timestamp in the trusted root metadata file
11311132 (version N). If the trusted root metadata file has expired, abort the update
11321133 cycle, report the potential freeze attack. On the next update cycle, begin
@@ -1151,25 +1152,26 @@ application using TUF. For example, X may be tens of kilobytes. The filename
11511152used to download the timestamp metadata file is of the fixed form FILENAME.EXT
11521153(e.g., timestamp.json).
11531154
1154- * ** 2.1** . ** Check signatures.** The new timestamp metadata file must have
1155- been signed by a threshold of keys specified in the trusted root metadata
1156- file. If the new timestamp metadata file is not properly signed, discard it,
1157- abort the update cycle, and report the signature failure.
1155+ * ** 2.1** . ** Check for an arbitrary software attack.** The new timestamp
1156+ metadata file MUST have been signed by a threshold of keys specified in the
1157+ trusted root metadata file. If the new timestamp metadata file is not
1158+ properly signed, discard it, abort the update cycle, and report the signature
1159+ failure.
11581160
11591161 * ** 2.2** . ** Check for a rollback attack.**
11601162
11611163 * ** 2.2.1** . The version number of the trusted timestamp metadata file, if
1162- any, must be less than or equal to the version number of the new timestamp
1164+ any, MUST be less than or equal to the version number of the new timestamp
11631165 metadata file. If the new timestamp metadata file is older than the
11641166 trusted timestamp metadata file, discard it, abort the update cycle, and
11651167 report the potential rollback attack.
11661168
11671169 * ** 2.2.2** . The version number of the snapshot metadata file in the
11681170 trusted timestamp metadata file, if any, MUST be less than or equal to its
11691171 version number in the new timestamp metadata file. If not, discard the new
1170- timestamp metadadata file, abort the update cycle, and report the failure.
1172+ timestamp metadata file, abort the update cycle, and report the failure.
11711173
1172- * ** 2.3** . ** Check for a freeze attack.** The latest known time should be
1174+ * ** 2.3** . ** Check for a freeze attack.** The latest known time MUST be
11731175 lower than the expiration timestamp in the new timestamp metadata file. If
11741176 so, the new timestamp metadata file becomes the trusted timestamp metadata
11751177 file. If the new timestamp metadata file has expired, discard it, abort the
@@ -1189,26 +1191,27 @@ VERSION_NUMBER is the version number of the snapshot metadata file listed in
11891191the timestamp metadata file.
11901192
11911193 * ** 3.1** . ** Check against timestamp metadata.** The hashes and version
1192- number of the new snapshot metadata file MUST match the hashes ( if any) and
1194+ number of the new snapshot metadata file MUST match the hashes, if any, and
11931195 version number listed in the trusted timestamp metadata. If hashes and
11941196 version do not match, discard the new snapshot metadata, abort the update
11951197 cycle, and report the failure.
11961198
1197- * ** 3.2** . ** Check signatures.** The new snapshot metadata file MUST have
1198- been signed by a threshold of keys specified in the trusted root metadata
1199- file. If the new snapshot metadata file is not signed as required, discard
1200- it, abort the update cycle, and report the signature failure.
1199+ * ** 3.2** . ** Check for an arbitrary software attack.** The new snapshot
1200+ metadata file MUST have been signed by a threshold of keys specified in the
1201+ trusted root metadata file. If the new snapshot metadata file is not signed
1202+ as required, discard it, abort the update cycle, and report the signature
1203+ failure.
12011204
12021205 * ** 3.3** . ** Check for a rollback attack.** The version number of the targets
1203- metadata file, and all delegated targets metadata files ( if any) , in the
1206+ metadata file, and all delegated targets metadata files, if any, in the
12041207 trusted snapshot metadata file, if any, MUST be less than or equal to its
12051208 version number in the new snapshot metadata file. Furthermore, any targets
12061209 metadata filename that was listed in the trusted snapshot metadata file, if
12071210 any, MUST continue to be listed in the new snapshot metadata file. If any of
1208- these conditions are not met, discard the new snapshot metadadata file, abort
1211+ these conditions are not met, discard the new snapshot metadata file, abort
12091212 the update cycle, and report the failure.
12101213
1211- * ** 3.4** . ** Check for a freeze attack.** The latest known time should be
1214+ * ** 3.4** . ** Check for a freeze attack.** The latest known time MUST be
12121215 lower than the expiration timestamp in the new snapshot metadata file. If
12131216 so, the new snapshot metadata file becomes the trusted snapshot metadata
12141217 file. If the new snapshot metadata file is expired, discard it, abort the
@@ -1228,7 +1231,7 @@ VERSION_NUMBER is the version number of the targets metadata file listed in the
12281231snapshot metadata file.
12291232
12301233 * ** 4.1** . ** Check against snapshot metadata.** The hashes and version
1231- number of the new targets metadata file MUST match the hashes ( if any) and
1234+ number of the new targets metadata file MUST match the hashes, if any, and
12321235 version number listed in the trusted snapshot metadata. This is done, in
12331236 part, to prevent a mix-and-match attack by man-in-the-middle attackers. If
12341237 the new targets metadata file does not match, discard it, abort the update
@@ -1239,7 +1242,7 @@ snapshot metadata file.
12391242 trusted root metadata file. If the new targets metadata file is not signed
12401243 as required, discard it, abort the update cycle, and report the failure.
12411244
1242- * ** 4.3** . ** Check for a freeze attack.** The latest known time should be
1245+ * ** 4.3** . ** Check for a freeze attack.** The latest known time MUST be
12431246 lower than the expiration timestamp in the new targets metadata file. If so,
12441247 the new targets metadata file becomes the trusted targets metadata file. If
12451248 the new targets metadata file is expired, discard it, abort the update cycle,
@@ -1248,7 +1251,7 @@ snapshot metadata file.
12481251 * ** 4.4** . ** Persist targets metadata.** The client MUST write the file to
12491252 non-volatile storage as FILENAME.EXT (e.g. targets.json).
12501253
1251- * ** 4.5** . ** Perform a preorder depth-first search for metadata about the
1254+ * ** 4.5** . ** Perform a pre-order depth-first search for metadata about the
12521255 desired target, beginning with the top-level targets role.** Note: If
12531256 any metadata requested in steps 4.4.1 - 4.4.2.3 cannot be downloaded nor
12541257 validated, end the search and report that the target cannot be found.
@@ -1297,7 +1300,7 @@ snapshot metadata file.
12971300
12981301## ** 6. Usage**
12991302
1300- See https://www. theupdateframework.com / for discussion of recommended usage
1303+ See https://theupdateframework.io / for discussion of recommended usage
13011304 in various situations.
13021305
13031306* ** 6.1. Key management and migration**
@@ -1377,7 +1380,7 @@ snapshot metadata file.
13771380 the cryptographic function) from all digests in the referred file.
13781381
13791382 Additionally, the timestamp metadata (timestamp.json) should also be
1380- written to non-volatile storage whenever it is updated. It is optional for
1383+ written to non-volatile storage whenever it is updated. It is OPTIONAL for
13811384 an implementation to write identical copies at
13821385 version_number.timestamp.json for record-keeping purposes, because a
13831386 cryptographic hash of the timestamp metadata is usually not known in
0 commit comments