Skip to content

TAP-17: Remove signature wrapper from TUF spec #138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 18, 2021
Merged

TAP-17: Remove signature wrapper from TUF spec #138

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
* [TAP 14: Managing TUF Versions](tap14.md)
* [TAP 15: Succinct hashed bin delegations](tap15.md)
* [TAP 16: Snapshot Merkle Trees](tap16.md)
* [TAP 17: Remove Signature Wrapper from the TUF Specification](tap17.md)

## Rejected

Expand Down
110 changes: 110 additions & 0 deletions tap17.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
* TAP: 17
* Title: Remove Signature Wrapper from the TUF Specification
* Version: 1
* Last-Modified: 11/11/2021
* Author: Aditya Sirish A Yelgundhalli, Marina Moore
* Type: Standardization
* Status: Draft
* Content-Type: markdown
* Created: 30/04/2021
* Requires: TAP-11, TAP-14
* +TUF-Version:
* +Post-History:

# Abstract

This TUF Augmentation Proposal (TAP) proposes removing the definition of a
specific signature wrapper and key definitions, and instead defines certain
properties a wrapper must have. Further, it suggests POUF-1 as an example
implementors can refer to when choosing to generate TUF metadata.

# Specification

The TUF specification as of v1.0.25 uses a custom signature wrapper. At the
time of authoring this document, the primary reference implementation written
in Python also generates TUF metadata using the same signature wrapper.

However, TUF does not mandate the use of this signature wrapper, nor any
specific metaformat. Indeed,
[TAP-11, "Using POUFs for Interoperability"](https://github.com/theupdateframework/taps/blob/master/tap11.md)
enables adopters to make their own decisions for their implementations, and
provides a mechanism for them to document their decisions.
[POUF-1](/POUFS/reference-POUF/pouf1.md) is the POUF for the official reference
implementation, and it seems like the obvious choice for this information to be
specified.

Section 4.2 of the TUF specification, titled "File formats: general principles"
may be replaced by a description of the properties that any signature wrapper used
by a TUF implementation must provide. Some important properties:

* SHOULD include an authenticated payload type
* SHOULD avoid depending on canonicalization for security
* SHOULD NOT require the verifier to parse the payload before verifying
* SHOULD NOT require the inclusion of signing key algorithms in the signature
* MUST support the inclusion of multiple signatures in a file
* SHOULD support a hint indicating what signing key was used, i.e., a KEYID

The presence of an authenticated payload type can be valuable for a project like TUF,
with multiple implementations and derivatives. Indeed, every POUF that describes an
implementation MUST choose a unique payload type, ensuring that there is no confusion
about which implementation generated some piece of metadata.
Comment on lines +48 to +50
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the POUF format be updated to include capturing the unique payload type for an implementation? Should we provide any guidance on forming payload type?

The spec should probably more strongly recommend capturing the implementation details in a POUF, especially the payload type.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the POUF format be updated to include capturing the unique payload type for an implementation?

This is probably a good idea. @mnm678 what do you think?

TAP-11 lists only the minimum fields a POUF must contain, so in theory it can be extended without changing the TAP, but it's probably worth adding a field. I also wonder if it's worth adding something to formally identify the implementations a POUF describes. POUF-1 identifies the python implementation, but does it also describe the Go implementation, for example? Should it link to them?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we provide any guidance on forming payload type?

I'm not sure we can, since we're only saying the envelope should support an authenticated payload type, while each envelope format may enforce its own standard. Guidance here may run afoul of some signature wrapper that is otherwise compliant? I think the selection of a unique payload type that conforms to a particular wrapper's specification is sufficient, as long as it's recorded in the corresponding POUF.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it's worth referring to a survey of wrappers to understand their guidelines for payload types. We may be able to specify some aspects like "include information about encoding" without running into trouble.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the POUF format be updated to include capturing the unique payload type for an implementation?

This is probably a good idea. @mnm678 what do you think?

TAP-11 lists only the minimum fields a POUF must contain, so in theory it can be extended without changing the TAP, but it's probably worth adding a field. I also wonder if it's worth adding something to formally identify the implementations a POUF describes. POUF-1 identifies the python implementation, but does it also describe the Go implementation, for example? Should it link to them?

I agree, I think we could add payload type as a subsection of Formats in the POUF definition.

I would say the implementations should/could link to the POUF rather than the other way around. The implementation implements TUF plus some POUF.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would say the implementations should/could link to the POUF rather than the other way around. The implementation implements TUF plus some POUF.

Makes sense to me.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM, I think we can file an issue against TAP 11 to discuss payload type once we merge this as draft.


# Motivation

TAP-11 introduced the concept of POUFs but the TUF specification continues to
specify example formats, namely those used by the reference implementation as
of June 2021. These definitions are essentially replicated in POUF-1, which is
meant to be the authoritative source for information about the reference
implementation. By replacing these definitions with *properties* that a wrapper
must possess, the specification can aid adopters with the development of their
implementations and the POUF can serve as an example. In this scenario, both
documents are serving the purpose originally envisioned for them.

Further, the examples used in the specification are from the old signature
wrapper that includes certain side effects:
* it requires canonicalization before signature verification
* it does not allow for distinguishing different implementations that may have
slightly different formats, i.e., it's missing a payload type

# Rationale

Moving the signature wrapper details out of the specification, and instead
requiring adopters to refer to POUFs for specifics of an implementation ensures
a clean separation between implementation details and the TUF specification.
Indeed, it also ensures that the focus of the reader is on only the TUF
primitives rather than burdening them with the specifics of the signature
wrapper.

# Security Analysis

Any implementations that build on the properties listed in this document
will have their security enhanced.

# Backwards Compatibility

The changes proposed in this TAP are backwards compatible with respect to the
TUF specification. However, for implementations looking to switch to a
signature wrapper with the properties described here, the change may be
backwards incompatible. In these instances, the implementations SHOULD set a
transition period during which they support both old-style and new-style
envelopes. This transition period MUST be clearly communicated to their users
using their standard channels.
[TAP-14, "Managing TUF Versions"](https://github.com/theupdateframework/taps/blob/master/tap14.md)
contains some useful information about distributing metadata in multiple formats
that can be used during the transition period.

# Augmented Reference Implementation

TODO: POUF-1 will be updated separately, along with the implementation itself.
See POUF-1 for details about the reference implementation.

# Copyright

This document has been placed in the public domain.

# References

* [TAP-11](https://github.com/theupdateframework/taps/blob/master/tap11.md)
* [TAP-14](https://github.com/theupdateframework/taps/blob/master/tap14.md)
* [File formats in TUF Specification](https://theupdateframework.github.io/specification/latest/index.html#file-formats-general-principles)
* [POUF-1](/POUFS/reference-POUF/pouf1.md)