Mention freeze attack in root migration paragraph

lukpueh · Nov 15, 2019 · 890b383 · 890b383
1 parent 085d453
commit 890b383
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/tuf-spec.md b/tuf-spec.md
@@ -1311,6 +1311,11 @@ non-volatile storage as FILENAME.EXT.
    versions. See step 1 of the client application workflow in Section 5 for
    more details.
 
+   Note that an attacker, who controls the repository, can launch freeze
+   attacks by withholding new root metadata. The attacker does not need to
+   compromise root keys to do so. However, these freeze attacks are limited by
+   the expiration time of the latest root metadata available to the client.
+
    To replace a delegated developer key, the role that delegated to that key
    just replaces that key with another in the signed metadata where the
    delegation is done.