Comments (5)
If in step 6, the attacker presents release 2, this is a freeze attack, not
a replay attack. The client doesn't see step 5 so it can be ignored.
Replay attacks are all about what the client sees.
A replay is either (using your steps from above):
1, 2, 3, 4, and attacker tries to provide release 1 to the client (your
step 2)
or
1, 3, 4, and attacker tries to provide release 1 to the client (your step 2)
from python-tuf.
Yes, agreed. What we have in place now seems to me more like an arbitrary package attack. Perhaps we should create a wiki page where we specify the attacks in more precise terms like the example above.
from python-tuf.
What we have in place where? Do you mean Kon's code?
Kon: I think what you had when I last looked was right. Can you take a
look at Trishank's description here and let me know what case you're doing?
Thanks,
Justin
On Fri, Mar 15, 2013 at 9:13 AM, TKK wrote:
Yes, agreed. What we have in place now seems to me more like an arbitrary
package attack. Perhaps we should create a wiki page where we specify the
attacks in more precise terms like the example above.
—
Reply to this email directly or view it on GitHub: https://github.com/akonst/tuf/issues/38#issuecomment-14959629
from python-tuf.
Sure, let's quickly go over it in the meeting today.
On Mar 15, 2013, at 9:29 AM, JustinCappos wrote:
What we have in place where? Do you mean Kon's code?
Kon: I think what you had when I last looked was right. Can you take a
look at Trishank's description here and let me know what case you're doing?
Thanks,
Justin
from python-tuf.
Konst, feel free to close this issue if you think it has been addressed.
from python-tuf.
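The replay/freeze distinction drawn in the first comment, as an added sketch that is not part of the thread and not python-tuf's code. The `Release` and `Client` names, the timeline and the signed expiry field are assumptions made for illustration; the thread itself only talks about release numbers and what the client has seen.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Release:
    version: int       # release number, increases with every publication
    expires: datetime  # expiry, assumed to be covered by the signature


class Client:
    """Tracks only what this client has accepted, never the repository's state."""

    def __init__(self) -> None:
        self.trusted: Optional[Release] = None

    def offer(self, release: Release, now: datetime) -> str:
        if self.trusted and release.version < self.trusted.version:
            return "replay"   # older than something the client already saw
        if release.expires <= now:
            return "expired"  # the only point at which a freeze becomes visible
        self.trusted = release
        return "accepted"


def walk_through() -> list:
    t0 = datetime(2013, 3, 15, tzinfo=timezone.utc)  # constructed timeline
    day = timedelta(days=1)
    r1 = Release(1, t0 + 7 * day)
    r2 = Release(2, t0 + 14 * day)
    c = Client()
    results = [
        c.offer(r1, t0),             # client installs release 1
        c.offer(r2, t0 + 2 * day),   # client installs release 2
        c.offer(r1, t0 + 3 * day),   # release 1 offered again: replay
        # Release 3 is published here; the client never sees it.
        c.offer(r2, t0 + 5 * day),   # freeze: looks like a normal update check
        c.offer(r2, t0 + 20 * day),  # freeze surfaces once release 2 expires
    ]
    fresh = Client()                 # client that never saw release 1
    fresh.offer(r2, t0 + 2 * day)
    results.append(fresh.offer(r1, t0 + 3 * day))  # still a replay
    return results
```

The fourth result is the point of the exercise: a frozen client accepts release 2 exactly as it would on an honest repository, so version comparison alone catches replay but not freeze.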