From 890b38349c3a80e6429d2dada2f3840a599d3574 Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Fri, 15 Nov 2019 11:55:13 +0100 Subject: [PATCH] Mention freeze attack in root migration paragraph --- tuf-spec.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tuf-spec.md b/tuf-spec.md index 0309937..74b57a8 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -1311,6 +1311,11 @@ non-volatile storage as FILENAME.EXT. versions. See step 1 of the client application workflow in Section 5 for more details. + Note that an attacker, who controls the repository, can launch freeze + attacks by withholding new root metadata. The attacker does not need to + compromise root keys to do so. However, these freeze attacks are limited by + the expiration time of the latest root metadata available to the client. + To replace a delegated developer key, the role that delegated to that key just replaces that key with another in the signed metadata where the delegation is done.