This relates to tests added in 0a81fc177fa810313f196d49497e979ee4a9b6f6: the test assumes that root should be considered valid by a client even if it contains keytypes/schemes that the client does not recognise (this assumes the signing threshold of root is still reached with the keys that it does understand)
The spec does not seem to really say anything about this. The argument against considering metadata like this valid are that
it's hard to imagine a realistic scenario where this would happen in the real world (meaning a situation where accepting metadata with unknown keys would lead to a functioning TUF client update: typically if keys are added to metadata, they are also required for verifying signatures...)
A client silently doing nothing with keys that it does not understand sounds like a potential for bugs later on
I'm filing this issues because I plan to remove the test for now: let's figure out what the correct behaviour is first and re-add them (or some simpler tests) afterwards if needed.
AdamKorcz
commented
2 months ago
This relates to tests added in 0a81fc177fa810313f196d49497e979ee4a9b6f6: the test assumes that root should be considered valid by a client even if it contains keytypes/schemes that the client does not recognise (this assumes the signing threshold of root is still reached with the keys that it does understand)
The spec does not seem to really say anything about this. The argument against considering metadata like this valid are that
I'm filing this issues because I plan to remove the test for now: let's figure out what the correct behaviour is first and re-add them (or some simpler tests) afterwards if needed.