@@ -1489,13 +1489,7 @@ it in the next step.
14891489 1 . Let DELEGATEE denote the current target role TARGETS is
14901490 delegating to.
14911491
1492- 2 . ** Check for a rollback attack via snapshot.** The version number of the
1493- DELEGATEE metadata in the previous trusted snapshot metadata, if any, MUST
1494- be less than or equal to its version number in the new trusted snapshot
1495- metadata. If this is not the case, abort the update cycle, and report the
1496- potential rollback attack.
1497-
1498- 3 . ** Download the DELEGATEE targets metadata file** , up to either
1492+ 2 . ** Download the DELEGATEE targets metadata file** , up to either
14991493 the number of bytes specified in the snapshot metadata file, or some Z
15001494 number of bytes. The value for Z is set by the authors of the application
15011495 using TUF. For example, Z may be tens of kilobytes. IF DELEGATEE cannot be
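Review bot: In the renumbered step 2 (Download the DELEGATEE targets metadata file), nothing in the visible text now says where the snapshot-level rollback comparison for DELEGATEE takes place, because the deleted step was the one comparing the DELEGATEE version in the previous trusted snapshot metadata with the version in the new one. If that comparison is meant to be covered when the snapshot metadata itself is updated, say so here or in the commit message with a reference to that step, so implementers do not read the removal as dropping the check. Also confirm that any references elsewhere in the document to the old step numbers of this list are updated to the new numbering.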
@@ -1508,40 +1502,33 @@ it in the next step.
15081502 in the snapshot metadata file. In either case, the client MUST write the
15091503 file to non-volatile storage as FILENAME.EXT.
15101504
1511- 4 . ** Check against snapshot metadata.** The hashes (if any), and
1505+ 3 . ** Check against snapshot metadata.** The hashes (if any), and
15121506 version number of the new DELEGATEE metadata file MUST match the trusted
15131507 snapshot metadata, if any. This is done, in part, to prevent a mix-and-match
15141508 attack by man-in-the-middle attackers. If the new DELEGATEE metadata file
15151509 does not match, abort the update cycle, and report the failure.
15161510
1517- 5 . ** Check for an arbitrary software attack.** The new DELEGATEE
1511+ 4 . ** Check for an arbitrary software attack.** The new DELEGATEE
15181512 metadata file MUST have been signed by a threshold of keys specified in the
15191513 TARGETS metadata file. If the new DELEGATEE metadata file is not signed
15201514 as required, abort the update cycle, and report the failure.
15211515
1522- 6 . ** Check for a rollback attack on the DELEGATEE metadata.**
1523- The version number of the trusted DELEGATEE metadata file, if any, MUST be
1524- less than or equal to the version number of the new DELEGATE metadata
1525- file. If the new DELEGATEE metadata file is older than the trusted
1526- DELEGATEE metadata file abort the update cycle, and report the potential
1527- rollback attack.
1528-
1529- 7 . ** Check for a freeze attack.** The latest known time
1516+ 5 . ** Check for a freeze attack.** The latest known time
15301517 should be lower than the expiration timestamp in the new DELEGATEE
15311518 metadata file. If so, the new DELEGATEE file becomes the trusted DELEGATEE
15321519 file. If the new DELEGATEE metadata file is expired, abort the update
15331520 cycle, and report the potential freeze attack.
15341521
1535- 8 . If the current delegation is a multi-role delegation,
1522+ 6 . If the current delegation is a multi-role delegation,
15361523 recursively visit each role, and check that each has signed exactly the
15371524 same non-custom metadata (i.e., length and hashes) about the target (or
15381525 the lack of any such metadata). Otherwise, abort the update cycle, and
15391526 report the failure.
15401527
1541- 9 . If the current delegation is a terminating delegation,
1528+ 7 . If the current delegation is a terminating delegation,
15421529 then jump to step [[ #fetch-target]] .
15431530
1544- 10 . Otherwise, if the current delegation is a non-terminating
1531+ 8 . Otherwise, if the current delegation is a non-terminating
15451532 delegation, continue processing the next delegation, if any, by repeating
15461533 the preorder depth-first search with DELEGATEE as the current TARGET role.
15471534 Stop the search, and jump to step [[ #fetch-target]] . as soon as a
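Review bot: With the old step 6 deleted, the only version check left in this list is step 3's "MUST match the trusted snapshot metadata, if any", so when the "if any" case applies and there is nothing in snapshot to match against, no remaining step compares the new DELEGATEE version with the previously trusted DELEGATEE file. Please state what the client must do in that case (for example, treat it as a failure, or keep the direct version comparison for it), or explain in the text why it cannot occur. Minor, while the list is being renumbered: step 5 still says the latest known time "should be lower" where the neighbouring checks use MUST, and the last context line has a stray period after the fetch-target reference.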