Add TAP introducing snapshot Merkle trees #125
Commits on Feb 3, 2021
-
Add initial draft of tap introducing snapshot merkle trees
Signed-off-by: marinamoore <mnm678@gmail.com>
-
Use repository instead of registry
The TUF spec uses the term repository to refer to the server that stores updates. Signed-off-by: marinamoore <mnm678@gmail.com>
-
Snapshot holds targets metadata information, not targets information
Signed-off-by: marinamoore <mnm678@gmail.com>
-
Update security analysis for snapshot merkle TAP
Add attack descriptions and comparison to the existing TUF specification Signed-off-by: marinamoore <mnm678@gmail.com>
-
Simplify the abstract for snapshot merkle tap
Signed-off-by: marinamoore <mnm678@gmail.com>
-
Clarify client verification and auditing
Add clarifications based on feedback on the pr. Signed-off-by: marinamoore <mnm678@gmail.com>
-
Apply edits for clarity from code review
Co-authored-by: Joshua Lock <jlock@vmware.com>
-
Add clarifications based on review
This commit adds clarifications to: * The size of snapshot merkle metadata * Information included in the merkle metadata * Fast forward attack recovery Signed-off-by: Marina Moore <mnm678@gmail.com>
-
Assign TAP number to Snapshot Merke Tree TAP
Signed-off-by: Marina Moore <mnm678@gmail.com>
-
Add summary to security analysis
Add a quick comparison to the existing specification to each section of the security analysis to make it clear what the differences are with and without auditors. Signed-off-by: Marina Moore <mnm678@gmail.com>
-
Credit to @joshuagl for helping with the text here. This commit makes the abstract shorter and more in line with the requirements of TAP 1. Signed-off-by: Marina Moore <mnm678@gmail.com>
-
Add section for client interaction with auditors
Add a section that describes a few options for how clients can verify that a Merkle tree has been verified by an auditor. Signed-off-by: Marina Moore <mnm678@gmail.com>
