Closed lsd-cat closed 1 week ago
There is an advantage to using hashes but it's not in my opinion a massive one:
So using hashes could be useful but not a game changer. The main reason hashes are not currently used (in addition to making the metadata files larger) is that maintaining the repository becomes a little more complicated with hashes -- while tuf-on-ci tool was being developed we really tried to keep it simple and did not originally implement hashes. We could consider adding that now that things seem to be working solidly.
Another reason some people might avoid the hashes is that it does prevent a use case where additional signatures are added after the metadata is published (Imagine a case where published metadata was signed by threshold of signers but not all of the signers, and then the remaining signers still want to sign) . To be fair this sounds unusual and tuf-on-ci certainly does not do this.
Hey, thank you for the detailed explanation. I am mostly asking for both curiosity of TUF internals and being sure I implement a reasonably secure client. This really helps.
From the TUF spec, 5.5.2:
It seems like no hashes are published https://tuf-repo-cdn.sigstore.dev/timestamp.json. They mention man-in-the-middle, but I guess the same could be achieved by a server compromise, so TLS would protect in one case but not the other. Is there a reason why this is not considered useful?