From: "Michał Górny"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny"
Message-ID: <1509380966.f98cabc0c30dc18f5b602865eb8e84abf429ba8d.mgorny@gentoo>
Subject: [gentoo-commits] data/glep:glep-manifest commit in: /
X-VCS-Repository: data/glep
X-VCS-Files: glep-0074.rst
X-VCS-Directories: /
X-VCS-Committer: mgorny
X-VCS-Committer-Name: Michał Górny
X-VCS-Revision: f98cabc0c30dc18f5b602865eb8e84abf429ba8d
X-VCS-Branch: glep-manifest
Date: Mon, 30 Oct 2017 16:52:29 +0000 (UTC)

commit: f98cabc0c30dc18f5b602865eb8e84abf429ba8d
Author: Michał Górny gentoo org>
AuthorDate: Mon Oct 30 16:28:34 2017 +0000
Commit: Michał Górny gentoo org>
CommitDate: Mon Oct 30 16:29:26 2017 +0000
URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=f98cabc0

glep-0074: Reorganize to have tag references after basic algos

Reorganize so that file & timestamp verification come first, then tag
references, then specialized algos and other informational sections.
Rename 'new Manifest tags' to 'modern ...' since some of them are old.

 glep-0074.rst | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/glep-0074.rst b/glep-0074.rst index d476ff3..a37ad34 100644 --- a/glep-0074.rst +++ b/glep-0074.rst 
@@ -163,8 +163,30 @@ reject any package or even the whole repository if it may refer to files for which the verification failed. -New Manifest tags ------------------ +Timestamp verification +---------------------- + +The Manifest file can contain a ``TIMESTAMP`` entry to account +for attacks against tree update distribution. If such an entry +is present, it should be updated every time at least one +of the Manifests changes. Every unique timestamp value must correspond +to a single tree state. + +During the verification process, the client should compare the timestamp +against the update time obtained from a local clock or a trusted time +source. If the comparison result indicates that the Manifest at the time +of receiving was already significantly outdated, the client should +either fail the verification or require manual confirmation from user. + +Furthermore, the Manifest provider may employ additional methods +of distributing the timestamps of recently generated Manifests +using a secure channel from a trusted source for exact comparison. +The exact details of such a solution are outside the scope of this +specification. + + +Modern Manifest tags +-------------------- The Manifest files can specify the following tags: 
@@ -228,28 +250,6 @@ allowed at the package directory level: to ``files/`` subdirectory. -Timestamp verification ----------------------- - -The Manifest file can contain a ``TIMESTAMP`` entry to account -for attacks against tree update distribution. If such an entry -is present, it should be updated every time at least one -of the Manifests changes. Every unique timestamp value must correspond -to a single tree state. - -During the verification process, the client should compare the timestamp -against the update time obtained from a local clock or a trusted time -source. If the comparison result indicates that the Manifest at the time -of receiving was already significantly outdated, the client should -either fail the verification or require manual confirmation from user. - -Furthermore, the Manifest provider may employ additional methods -of distributing the timestamps of recently generated Manifests -using a secure channel from a trusted source for exact comparison. -The exact details of such a solution are outside the scope of this -specification. - - Algorithm for full-tree verification ------------------------------------
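Review bot: The heading rename at the end of the first hunk (`New Manifest tags` to `Modern Manifest tags`) changes the implicit reStructuredText section target, so any reference to the old title, inside glep-0074.rst or from another document, would stop resolving; grep for the old title before merging. The rename is also independent of the section move, and putting it in its own commit would leave this one a pure relocation that can be checked by comparing the removed and added blocks. After the move, the Timestamp verification text also mentions the ``TIMESTAMP`` entry before the tag list that follows it, so a short pointer to the tag section may help a first-time reader.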
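Review bot: In the relocated Timestamp verification text (removed in the second hunk, re-added unchanged in the first), "significantly outdated" has no stated threshold, so two clients can reach different verdicts on the same Manifest. Since the section now sits with the basic verification steps, consider either giving a maximum acceptable age or saying explicitly that the limit is a client policy setting. Minor wording while the text is being touched: "manual confirmation from user" should read "from the user".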