Skip to content

Commit 3a40e32

Browse files
joshuagljoshuagl
committed
Use fixed notion of time with snapshot and targets
Update the freeze attack checks for snapshot and targets metadata to use the fixed notion of time introduced in 6546e34.
1 parent 465ff48 commit 3a40e32

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

tuf-spec.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1227,11 +1227,11 @@ the timestamp metadata file.
12271227
these conditions are not met, discard the new snapshot metadata file, abort
12281228
the update cycle, and report the failure.
12291229

1230-
* **5.4.5**. **Check for a freeze attack.** The latest known time MUST be
1231-
lower than the expiration timestamp in the new snapshot metadata file. If
1232-
so, the new snapshot metadata file becomes the trusted snapshot metadata
1233-
file. If the new snapshot metadata file is expired, discard it, abort the
1234-
update cycle, and report the potential freeze attack.
1230+
* **5.4.5**. **Check for a freeze attack.** The expiration timestamp in the
1231+
new snapshot metadata file MUST be higher than the fixed update expiration
1232+
time. If so, the new snapshot metadata file becomes the trusted snapshot
1233+
metadata file. If the new snapshot metadata file is expired, discard it,
1234+
abort the update cycle, and report the potential freeze attack.
12351235

12361236

12371237
* **5.4.6**. **Persist snapshot metadata.** The client MUST write the file to
@@ -1264,11 +1264,11 @@ snapshot metadata file.
12641264
in the trusted snapshot metadata. If the versions do not match, discard it,
12651265
abort the update cycle, and report the failure.
12661266

1267-
* **5.5.4**. **Check for a freeze attack.** The latest known time MUST be
1268-
lower than the expiration timestamp in the new targets metadata file. If so,
1269-
the new targets metadata file becomes the trusted targets metadata file. If
1270-
the new targets metadata file is expired, discard it, abort the update cycle,
1271-
and report the potential freeze attack.
1267+
* **5.5.4**. **Check for a freeze attack.** The expiration timestamp in the
1268+
new targets metadata file MUST be higher than the fixed update expiration
1269+
time. If so, the new targets metadata file becomes the trusted targets
1270+
metadata file. If the new targets metadata file is expired, discard it,
1271+
abort the update cycle, and report the potential freeze attack.
12721272

12731273
* **5.5.5**. **Persist targets metadata.** The client MUST write the file to
12741274
non-volatile storage as FILENAME.EXT (e.g. targets.json).

0 commit comments

Comments
 (0)