You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, we test against client states that just include initial/recent roots.
We should also be testing with clients that have some recent state, e.g. a prior root-signing: this way we can detect roll-back attacks, and would have detected the version issue https://github.com/sigstore/root-signing/pull/327/files
Description
Right now, we test against client states that just include initial/recent roots.
We should also be testing with clients that have some recent state, e.g. a prior root-signing: this way we can detect roll-back attacks, and would have detected the version issue https://github.com/sigstore/root-signing/pull/327/files
Detected in #410
cc @joshuagl
The text was updated successfully, but these errors were encountered: