theupdateframework · vladimir-v-diaz · Oct 18, 2016 · Sep 1, 2016 · Sep 1, 2016 · Sep 1, 2016
@@ -1000,12 +1000,14 @@ Version 1.0 (Draft)
    To replace a compromised root key or any other top-level role key, the root
    role signs a new root.json file that lists the updated trusted keys for the
    role.  When replacing root keys, an application will sign the new root.json
-   file with both the new and old root keys until all clients are known to have
-   obtained the new root.json file (a safe assumption is that this will be a
-   very long time or never).  There is no risk posed by continuing to sign the
-   root.json file with revoked keys as once clients have updated they no longer
-   trust the revoked key.  This is only to ensure outdated clients remain able
-   to update.
+   file with both the new and old root keys. Any time such a change is
+   required, the root.json file is versioned and accessible by version number,
+   e.g. 3.root.json. Clients update the set of trusted root keys by requesting
+   the current root.json and all previous root.json versions, until one is
+   found that has been signed by keys the client already trusts. This is to 
+   ensure that outdated clients remain able to update, without requiring all 
+   previous root keys to be kept to sign new root.json metadata.
+
 
    To replace a delegated developer key, the role that delegated to that key
    just replaces that key with another in the signed metadata where the

@@ -3,14 +3,35 @@
   {
    "keyid": "a0650f29dde63403cc4eec28a1c66f2262d6339434a01c63a881a48bedd9bca9",
    "method": "ed25519",
-   "sig": "98c7634186f7a02b3a56d8204e62b3a1d25225935dc47c720426ef591d09931e071f96f8d47ef3ec814dd7278f05c01190e60386ad03e546869c7aeeb3249703"
+   "sig": "e8f6db97fcad5eb2ca1cf5fc6b6d4579d026811581b0d2061af90c7cb26d966e15a06e7c596f663b05aa061308929f96136167359fc9d44919a36383403abd09"
   }
  ],
  "signed": {
   "_type": "Targets",
   "delegations": {
-   "keys": {},
-   "roles": []
+   "keys": {
+    "a0650f29dde63403cc4eec28a1c66f2262d6339434a01c63a881a48bedd9bca9": {
+     "keyid_hash_algorithms": [
+      "sha256",
+      "sha512"
+     ],
+     "keytype": "ed25519",
+     "keyval": {
+      "public": "3b11296fe2dba14a2ef204e542e9e4195293bcf3042655e3d7e4ef5afe3cf36a"
+     }
+    }
+   },
+   "roles": [
+    {
+     "keyids": [
+      "a0650f29dde63403cc4eec28a1c66f2262d6339434a01c63a881a48bedd9bca9"
+     ],
+     "name": "role2",
+     "paths": [],
+     "terminating": false,
+     "threshold": 1
+    }
+   ]
   },
   "expires": "2030-01-01T00:00:00Z",
   "targets": {

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "a0650f29dde63403cc4eec28a1c66f2262d6339434a01c63a881a48bedd9bca9",
+   "method": "ed25519",
+   "sig": "8fdca8154157e983d86efb16917ad973941dfa75a47d99a88b393d0955f1508aff55b66d0592ff2ad2f431d6826d6544009a921b5aae503f3f795b09ed549f0a"
+  }
+ ],
+ "signed": {
+  "_type": "Targets",
+  "delegations": {
+   "keys": {},
+   "roles": []
+  },
+  "expires": "2030-01-01T00:00:00Z",
+  "targets": {},
+  "version": 1
+ }
+}
@@ -3,7 +3,7 @@
   {
    "keyid": "5602f4df0cd26b2112f0833b1ce8d5fcbb595754961d3a04f37b9815e2ced503",
    "method": "RSASSA-PSS",
-   "sig": "3851d11ed11ea69ab5d873cfd015de79dc856d83e0a060e73d535d705da086c26191e6bc1ed6bbdde9305c3816c1c5885b48cf51c41fedc906a5ebe0e33a6b823145d40bd3e588e77c6bc724b62f4b2ca9700da03e0ba603170bfd365ea1d25ee7f9661848a14f5916869f00f3e03aa4cb468a4de647bbf205b96f9aa8dd408e3e0b1f9d53fe74654dfe139441dfe3651b3473b67bd104d754112e594a9c6ed0127e94b9057322d630f70c93c01d0cd0c2b98f6abdfd2ed7ac7dc5d3e201d191e168992574edfa935bb2a2cbaa67532c7aaddd4582b53a015c11e567d7fe7ba38cc743e7a939b9e7f2e334b48f46bdf4b82b66e639189644998d90a27847e63e8ade170f8c8aa15c8076b0af8032d78870ac18278663eddb08a7eed30c199c97c81d30bdf47d6649c7ab297120b983d9b6a1da648026d552be73bb77a9346f98a3b8db1a583b71bb706c397a3142f8194c80e62a1632152cd2ffd340605325ea39baf60fb30cf574701e5ae07efee75fc51df4f1810f3ce14345c466d25e36a3"
+   "sig": "3a5a1d2c4fba47117b1d297517261da9f13d6bfbdfd322bb68d5631ff456dba6446e35cd0d67cf068d1592cd80333f5566b74225dfbdc2aead60ea4ca2f79a4d4542e9d6039d9715404f07ca05145b02a53241ec30a992161777cc9154e9a8fc37cd292f6dd11af4acfc307b8b4ccb3024ad3d5409d24b91b6ae9f542d8813641f0d8d4c5a16d30f471937c2badcffc591f0e32f81755b44e8139d69042213997d459711c482a7bde2e0177ba0079a3d7cf19f825f0619c114dc88ff9eada298b7e524c727a51fbe5b9e59221f0a515931427aa662022738a03c3b1f44953e6a110e0aacbd55c328f9f0bbe97d3f6bde5fe0b3d390b5da3442ea02cc06b7b5daef31f2356283ab197d11f677c57106897b27ca2c2ada87880d906416d9de90ac1593312af726f4a43f9290b19a81d4d092be6408deb53469dabd27f1d4a16d5f306736d483a5f9b4ab820d4e8ffca2f05ba0e501062da11389da137a0aff7c8111e28269a609fe602eb1786d1732f43d6cddbe6c5847241697a7ed5f395879b4"
   }
  ],
  "signed": {

@@ -3,7 +3,7 @@
   {
    "keyid": "182216b8800c50ddf000043b31ddf90d815c754ab4e0b31a5952a839b371bed9",
    "method": "ed25519",
-   "sig": "1f81170dfee2f170f6814cb2f909f0ad0a283eb3f8b7924f41d14ea81efab2c43491aaedce30338fce483fcad32ba0bde729e9b6b44888c99401ee04a5e43302"
+   "sig": "9419a135b0c41fe350d712f944047661ddfa2c8b4cb141088976bc789c8ea55aba6efff78dcfa46b11790136281ae649e1e421713fbab47e274e1afd838aca03"
   }
  ],
  "signed": {
@@ -13,9 +13,12 @@
    "role1.json": {
     "version": 1
    },
+   "role2.json": {
+    "version": 1
+   },
    "root.json": {
     "hashes": {
-     "sha256": "9d0ed7fce4914cd97997c03def8c94b0aeb10aebc383e0d747a8e8257a84c8ff"
+     "sha256": "03843cc3b2a50d363894b2aa26e617466147355487d647abd36aba209e69a6e6"
     },
     "length": 3329,
     "version": 1

@@ -3,7 +3,7 @@
   {
    "keyid": "a0a0f0cf08daff7afd1eb6582756d43987aa73f028044836a5519259706ca19b",
    "method": "ed25519",
-   "sig": "e96f9ca4425a37919dc91d5679c5319150b41f729389d70be7d8c8dc3dda647aa9fd11ca3c6a959c10819d652e516b375caf147721f96af329b54c0720373c06"
+   "sig": "74ee9970ed709ab65586ef99c0005102676a92f11e2a448bb685875b641d2efe3fd2bdefaa90e1a050bfbb34163834aadb43d13ac0c7452aa7df27c454c34507"
   }
  ],
  "signed": {
@@ -23,14 +23,14 @@
    },
    "roles": [
     {
-     "backtrack": true,
      "keyids": [
       "a0650f29dde63403cc4eec28a1c66f2262d6339434a01c63a881a48bedd9bca9"
      ],
      "name": "role1",
      "paths": [
       "/file3.txt"
      ],
+     "terminating": false,
      "threshold": 1
     }
    ]

@@ -3,7 +3,7 @@
   {
    "keyid": "3f09f6468a522bea0364a23315872d8400875dfdb24ff4ecd32f27164d5c23c1",
    "method": "ed25519",
-   "sig": "1749729587ae99bdbaeff59562f1a06cfa3f2b8c31d0b82b8f10fcb4cc5fbf21a0df885e57994bae1b542b814cafaf506d357618515c18d8b5e4b23b90e26506"
+   "sig": "9a43adeef13b9d1d15f2b773e7d62b667761a65b34f2bd04c2565d842c113a85307131cfd6ae9f83d91963503783c6d98692887c322c49a6ae7b1d0869ce2105"
   }
  ],
  "signed": {
@@ -12,9 +12,9 @@
   "meta": {
    "snapshot.json": {
     "hashes": {
-     "sha256": "b55cf3ef997ca2d2be2ec921cdc8ab278ee77748041f9426dbe4ce1b2c8ba781"
+     "sha256": "c15b14217a3ad50ae2c136109983b7269d3bda42c4e1e530e30e7b5854b53a11"
     },
-    "length": 636,
+    "length": 678,
     "version": 1
    }
   },