Tests: Add testing to detect rollback attacks by using prior state #413

Closed
asraa opened this issue Sep 28, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@asraa
Contributor

asraa commented Sep 28, 2022

Description

Right now, we test against client states that just include initial/recent roots.

We should also be testing with clients that have some recent state, e.g. a prior root-signing: this way we can detect roll-back attacks, and would have detected the version issue https://github.com/sigstore/root-signing/pull/327/files

Detected in #410

cc @joshuagl

@asraa asraa added the enhancement New feature or request label Sep 28, 2022
@jku
Member

jku commented Sep 5, 2024

Current preprod test (test.yml) has a TUF client test that has two modes:

  • a pristine client (client with initial root.json updates from preprod)
  • client upgrade (client with initial root.json updates from prod and then updates from preprod)

@jku jku closed this as completed Sep 5, 2024
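
A simplified model of the two client modes discussed in this thread, added here as an illustration and not taken from root-signing or from any TUF client implementation. Metadata is reduced to version numbers, and the repository states, role versions and function names are constructed assumptions; it shows why only a client carrying prior state can notice a version going backwards.

```python
# Simplified model of TUF client version checks (illustration only; not
# python-tuf or root-signing code). Metadata is reduced to version numbers.
from dataclasses import dataclass, field

ROLES = ("timestamp", "snapshot", "targets")


class RollbackError(Exception):
    """New metadata has a lower version than what the client already trusts."""


@dataclass
class Client:
    root: int                                    # trusted root version
    trusted: dict = field(default_factory=dict)  # role -> last accepted version

    def update(self, repo):
        # Walk the root chain one version at a time from the trusted root.
        while self.root + 1 in repo["roots"]:
            self.root += 1
        # A version can only be compared if an earlier one is already trusted,
        # so a pristine client has nothing to compare against.
        for role in ROLES:
            old = self.trusted.get(role)
            if old is not None and repo[role] < old:
                raise RollbackError(f"{role}: {repo[role]} < trusted {old}")
        self.trusted = {role: repo[role] for role in ROLES}


def run_modes(prior, candidate):
    """Run both test modes against `candidate`; return mode -> outcome."""
    pristine = Client(root=1)
    upgrade = Client(root=1)
    upgrade.update(prior)          # client state left by an earlier signing
    results = {}
    for name, client in (("pristine", pristine), ("upgrade", upgrade)):
        try:
            client.update(candidate)
            results[name] = "accepted"
        except RollbackError as err:
            results[name] = f"rejected: {err}"
    return results


# Constructed repository states: the candidate lowers the targets version.
PRIOR = {"roots": {1, 2, 3, 4}, "timestamp": 10, "snapshot": 10, "targets": 5}
CANDIDATE = {"roots": {1, 2, 3, 4, 5}, "timestamp": 11, "snapshot": 11, "targets": 4}

if __name__ == "__main__":
    print(run_modes(PRIOR, CANDIDATE))
```

In this model `PRIOR` stands in for the state a client picked up from prod and `CANDIDATE` for the preprod repository under test.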