author | Michał Górny <mgorny@gentoo.org> | 2017-10-30 17:28:34 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2017-11-25 21:49:14 +0100 |
commit | 6e2ae17e67641b514b602365d61a16465ec9f9eb (patch) | |
tree | 36c0635ebfc6e2303ae86e674bb01380d7f30d87 | |
parent | glep-0074: Rewrite the file verificaton to cover OPTIONAL (diff) | |
glep-0074: Reorganize to have tag references after basic algos

Reorganize so that file & timestamp verification come first, then tag
references, then specialized algos and other informational sections.
Rename 'new Manifest tags' to 'modern ...' since some of them are old.
-rw-r--r-- | glep-0074.rst | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/glep-0074.rst b/glep-0074.rst index d476ff3..a37ad34 100644 --- a/glep-0074.rst +++ b/glep-0074.rst @@ -163,8 +163,30 @@ reject any package or even the whole repository if it may refer to files for which the verification failed. -New Manifest tags ------------------ +Timestamp verification +---------------------- + +The Manifest file can contain a ``TIMESTAMP`` entry to account +for attacks against tree update distribution. If such an entry +is present, it should be updated every time at least one +of the Manifests changes. Every unique timestamp value must correspond +to a single tree state. + +During the verification process, the client should compare the timestamp +against the update time obtained from a local clock or a trusted time +source. If the comparison result indicates that the Manifest at the time +of receiving was already significantly outdated, the client should +either fail the verification or require manual confirmation from user. + +Furthermore, the Manifest provider may employ additional methods +of distributing the timestamps of recently generated Manifests +using a secure channel from a trusted source for exact comparison. +The exact details of such a solution are outside the scope of this +specification. + + +Modern Manifest tags +-------------------- The Manifest files can specify the following tags: 
@@ -228,28 +250,6 @@ allowed at the package directory level: to ``files/`` subdirectory. -Timestamp verification ----------------------- - -The Manifest file can contain a ``TIMESTAMP`` entry to account -for attacks against tree update distribution. If such an entry -is present, it should be updated every time at least one -of the Manifests changes. Every unique timestamp value must correspond -to a single tree state. - -During the verification process, the client should compare the timestamp -against the update time obtained from a local clock or a trusted time -source. If the comparison result indicates that the Manifest at the time -of receiving was already significantly outdated, the client should -either fail the verification or require manual confirmation from user. - -Furthermore, the Manifest provider may employ additional methods -of distributing the timestamps of recently generated Manifests -using a secure channel from a trusted source for exact comparison. -The exact details of such a solution are outside the scope of this -specification. - - Algorithm for full-tree verification ------------------------------------ |
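Review bot: In the first hunk, the relocated "Timestamp verification" section now refers to the ``TIMESTAMP`` entry before the reader reaches "Modern Manifest tags", the section that lists the tags the Manifest files can specify. If the entry's format is defined in that list, add a short forward reference to it in the opening sentence of the moved section. Since the text is being touched anyway, note that "significantly outdated" gives the client no threshold for the comparison, so two implementations can accept or reject the same stale Manifest differently. Either state a recommended maximum age or say explicitly that the limit is implementation-defined. Also, "require manual confirmation from user" should read "from the user".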