Remove slow retrieval attacks from protections #111
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I have no strong opinions either way. It's certainly one of the more theoretical attacks. |
|
This makes sense to me. Slow retrieval attacks may be better suited for the proposed companion documentation as it is more of an implementation concern. |
mnm678
approved these changes
Sep 28, 2020
lukpueh
approved these changes
Sep 29, 2020
Section 1.5.2. Goals to protect against specific attacks lists the types of attacks on package managers which TUF protects against. For slow retrieval attacks, nothing in the specification provides any protections against this class of attack. For each other attack type there are protections within the specification that help prevent those attacks from being successful. Therefore, protecting against slow retrieval attacks becomes an aspiration for implementations and implementers are left to their own devices to determine how best to protect against these attacks. Furthermore, implementing protections against slow retrieval attacks is a complex task for implementations which may be contrary to the desires of systems choosing to integrate TUF. Many existing software update systems choosing to integrate TUF will have their own tested network/download stack that they will not replace lightly. Finally, AFAICT base on a quick perusal of go-tuf and Tough, only the reference implementation has attempted to implement protection against slow retrieval attacks. The reference implementation does not currently protect against slow retrieval attacks. Signed-off-by: Joshua Lock <[email protected]>
Signed-off-by: Joshua Lock <[email protected]>
lukpueh
force-pushed
the
joshuagl/rm-slow-retrieval
branch
from
d908c65 to
f5aee98
Compare
|
I took the liberty to rebase on the just updated (#117) master and update date/version header. |
joshuagl
added a commit
to joshuagl/theupdateframework.io
that referenced
this pull request
Sep 30, 2020
Slow retrieval attacks were removed from the specification in v1.0.7 of the TUF specification because the specification itself does not provide mechanisms to protect against this type of attack: theupdateframework/specification#111 Signed-off-by: Joshua Lock <[email protected]>
Definitely. Website PR opened theupdateframework/theupdateframework.io#15 and reference implementation PR is WIP theupdateframework/python-tuf#1156 |
|
On second thought, we may want to reinstate this in the future, but yes: there is currently nothing in the specification or reference implementation that specifies precisely how to do it. I am starting a conversation on the CNCF Slack channel for more high-bandwidth discussion. Will post findings here later. |
|
Discussion thread is at https://cloud-native.slack.com/archives/C8NMD3QJ3/p1601477330050100 |
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Oct 19, 2020
Slow retrievals have been removed from the specification and soon it will be removed from the tuf reference implementation as a whole. This means that the chances of making this test useful are close to 0 if not none. For reference: - theupdateframework/specification#111 - theupdateframework#1156 Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Oct 19, 2020
Slow retrievals have been removed from the specification and soon it will be removed from the tuf reference implementation as a whole. This means that the chances of making this test useful are close to 0 if not none. For reference: - theupdateframework/specification#111 - theupdateframework#1156 Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Oct 22, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Oct 22, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Oct 28, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Oct 28, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Oct 28, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Nov 3, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Nov 4, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Nov 11, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Nov 13, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Nov 13, 2020
Remove the test with mode 2 ('mode_2': During the download process,
the server blocks the download by sending just several characters
every few seconds.) from test_slow_retrieval.
This test is marked as "expected failure" with the purpose of
rewriting it one day, but slow retrievals have been removed from
the specification and soon it will be removed from the tuf
reference implementation as a whole.
That means that the chances of making this test useful are close
to 0 if not none.
The other test (with mode 1) in test_slow_retrieval is not removed.
For reference:
- theupdateframework/specification#111
- theupdateframework#1156
Signed-off-by: Martin Vrachev <[email protected]>
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I think we should remove slow retrieval attacks from 1.5.2. Goals to protect against specific attacks. I've included details in the commit message but the tl;dr is that: