Open npdoty opened 2 years ago
The issue was discussed in a meeting on 2022-05-26
I think the PR correctly notes the threat in the threat model now, which was the short term need.
Is there a way to track issues for the longer term, even if they won't be resolved in this version? Integrity and authenticity are important security characteristics and it seems like existing XML signature functionality isn't providing much (since it doesn't describe who signed it, and it can be trivially downgraded).
We have a 'status-deferred' label and we do keep some issues open with this label:
We could use that if you prefer (@dauwhe @wareid @shiestyle ?)
The issue was discussed in a meeting on 2022-07-21
In the short term, the threat model should note the possibility that epub files are altered between the author and the reader, or that a book is distributed claiming to be the authentic work of someone else but with no feasible way to verify it.
In the long term, epub should use package-wide signatures (or some other mechanism) to provide at least the option for authenticity and integrity via PKI.