Skip to content

Notary 2015 NCC security audit review #356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
titanous opened this issue Aug 8, 2016 · 5 comments
Closed

Notary 2015 NCC security audit review #356

titanous opened this issue Aug 8, 2016 · 5 comments

Comments

@titanous
Copy link
Contributor

titanous commented Aug 8, 2016

Notary commissioned a security audit of their code last year. Even though it was not of the Python code or specification, there are some items that are worth checking in the reference code and addressing in the specification.

  1. Signature Algorithm Not Matched to Key – I believe the signature method should be removed from the specification and each key type should only have one associated signature method. This mitigates this potential implementation bug completely.
  2. Compromise of Authority Keys Allows Extended Freeze/Compromise – This is an implementation bug. The spec is very clear that the root expiry needs to be checked.
  3. Temporary Access to Timestamp, Snapshot, or Targets Key Enables Persistent Lockout – The report makes this sound like an implementation bug, however the spec currently says "Clients MUST NOT replace a metadata file with a version number less than the one currently trusted." It seems like the scenario of an attacker bricking updates by bumping the version to the maximum integer should be considered.

The rest of the issues are specific to Notary and not relevant to the Python implementation or specification.

@vladimir-v-diaz
Copy link
Contributor

Thanks for bringing this to our attention.

  1. Temporary Access to Timestamp, Snapshot, or Targets Key Enables Persistent Lockout
    We've added the "Fast-forward" attack to the specification to specifically address this issue. Another edit to the specification will be made to clearly outline how one should recover from a fast-forward attack. Add description of fast-forward attack to SECURITY.md #342
  2. Compromise of Authority Keys Allows Extended Freeze/Compromise
    We found a similar scenario in which expiration of unchanged metadata files may not be detected.
    It was fixed here: Client: Freeze attack issue - expiry of metadata may not be detected #322
  3. Signature Algorithm Not Matched to Key
    We'll take a closer look at this.

@SantiagoTorres
Copy link
Member

I just ran into this issue. Is this worth reviewing?

@mnm678
Copy link
Contributor

mnm678 commented Sep 5, 2019

There was a lot of discussion about the Signature Algorithm Not Matched to Key issue in #425 which was resolved with TAP 9.

@trishankatdatadog
Copy link
Member

Yeah, didn't we already fix this?

@SantiagoTorres
Copy link
Member

We did, I will close this issue now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants