author | Michał Górny <mgorny@gentoo.org> | 2017-10-30 17:28:34 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2017-11-25 21:49:14 +0100 |
commit | 6e2ae17e67641b514b602365d61a16465ec9f9eb (patch) | |
tree | 36c0635ebfc6e2303ae86e674bb01380d7f30d87 /glep-0074.rst | |
parent | glep-0074: Rewrite the file verificaton to cover OPTIONAL (diff) | |
glep-0074: Reorganize to have tag references after basic algos
Reorganize so that file & timestamp verification come first, then tag
references, then specialized algos and other informational sections.
Rename 'new Manifest tags' to 'modern ...' since some of them are old.
Diffstat (limited to 'glep-0074.rst')
-rw-r--r-- | glep-0074.rst | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/glep-0074.rst b/glep-0074.rst index d476ff3..a37ad34 100644 --- a/glep-0074.rst +++ b/glep-0074.rst @@ -163,8 +163,30 @@ reject any package or even the whole repository if it may refer to files for which the verification failed. -New Manifest tags ------------------ +Timestamp verification +---------------------- + +The Manifest file can contain a ``TIMESTAMP`` entry to account +for attacks against tree update distribution. If such an entry +is present, it should be updated every time at least one +of the Manifests changes. Every unique timestamp value must correspond +to a single tree state. + +During the verification process, the client should compare the timestamp +against the update time obtained from a local clock or a trusted time +source. If the comparison result indicates that the Manifest at the time +of receiving was already significantly outdated, the client should +either fail the verification or require manual confirmation from user. + +Furthermore, the Manifest provider may employ additional methods +of distributing the timestamps of recently generated Manifests +using a secure channel from a trusted source for exact comparison. +The exact details of such a solution are outside the scope of this +specification. + + +Modern Manifest tags +-------------------- The Manifest files can specify the following tags: 
@@ -228,28 +250,6 @@ allowed at the package directory level: to ``files/`` subdirectory. -Timestamp verification ----------------------- - -The Manifest file can contain a ``TIMESTAMP`` entry to account -for attacks against tree update distribution. If such an entry -is present, it should be updated every time at least one -of the Manifests changes. Every unique timestamp value must correspond -to a single tree state. - -During the verification process, the client should compare the timestamp -against the update time obtained from a local clock or a trusted time -source. If the comparison result indicates that the Manifest at the time -of receiving was already significantly outdated, the client should -either fail the verification or require manual confirmation from user. - -Furthermore, the Manifest provider may employ additional methods -of distributing the timestamps of recently generated Manifests -using a secure channel from a trusted source for exact comparison. -The exact details of such a solution are outside the scope of this -specification. - - Algorithm for full-tree verification ------------------------------------ |
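Review bot: In the first hunk, the relocated "Timestamp verification" section now sits ahead of "Modern Manifest tags", so a reader meets the ``TIMESTAMP`` entry before reaching the tag list that the section introduces with "The Manifest files can specify the following tags:". If ``TIMESTAMP`` is defined in that list, a short pointer to it in the first paragraph of the moved section would keep the text readable in order. The moved wording also still leaves "significantly outdated" without a bound, so clients can disagree on when a stale Manifest is rejected; either give a recommended maximum age or state that the threshold is implementation-defined. Two smaller points: "manual confirmation from user" should read "from the user", and renaming the heading from "New Manifest tags" to "Modern Manifest tags" changes the section's implicit reStructuredText target, so any reference to the old title elsewhere in glep-0074.rst needs updating in the same commit.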