Skip to content

Commit

Permalink
Remove POUF-2; Update POUF-1 with DSSE changes
Browse files Browse the repository at this point in the history
Signed-off-by: Aditya Sirish <[email protected]>
  • Loading branch information
adityasaky committed Jun 21, 2021
1 parent 4cbb8d5 commit c80aefe
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 81 deletions.
66 changes: 0 additions & 66 deletions POUFs/pouf2.md

This file was deleted.

51 changes: 36 additions & 15 deletions POUFs/reference-POUF/pouf1.md
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
* POUF: 1
* Title: Reference Implementation Using Canonical JSON
* Version: 2
* Last-Modified: 06-May-2020
*" POUF: 1
* Title: Reference Implementation Using Canonical JSON and DSSE
* Version: 3
* Last-Modified: 21-Jun-2021
* Author: Marina Moore, Joshua Lock
* Status: Draft
* TUF Version Implemented: 1.0
* Implementation Version(s) Covered: v0.12.*
* Implementation Version(s) Covered: TODO
* Content-Type: text/markdown
* Created: 25-November-2018

Expand Down Expand Up @@ -67,19 +67,22 @@ The following steps must be completed before any updates can be installed:
# Formats

## General Principals
All signed metadata objects have the format:

{ "signed" : ROLE,
"signatures" : [
{ "keyid" : KEYID,
"sig" : SIGNATURE }
, ... ]
All signed metadata use v1 of [Dead Simple Signing Envelope (DSSE)](https://github.com/secure-systems-lab/signing-spec):

{
"payload": "<Base64(SERIALIZED_BODY)>",
"payloadType": "<PAYLOAD_TYPE>",
"signatures": [{
"keyid": "<KEYID>",
"sig": "<Base64(SIGNATURE)>"
}]
}


where:

* ROLE is a dictionary whose "_type" field describes the role type.
* SERIALIZED_BODY is a dictionary whose "_type" field describes the role type.

* PAYLOAD_TYPE is a fixed as "application/vnd.tuf+json" identifying it as TUF metadata.

* KEYID is the identifier of the key signing the ROLE dictionary.

Expand Down Expand Up @@ -347,7 +350,7 @@ The timestamp file is signed by a timestamp key. It indicates the
"hashes" : HASHES }
, ...
}

t
METAPATH is the the snapshot metadata file's path on the repository
relative to the metadata base URL.

Expand Down Expand Up @@ -406,7 +409,25 @@ This profile was included in TUF security audits available at https://theupdatef

# Version History

## 3
Update to propose a transition to using DSSE as the underlying signature wrapper for TUF metadata.

## 2
Updated to reflect the latest (v0.12.2) reference implementation.
* snapshot.json lists only the top-level and delegated targets metadata
* timestamp.json includes hashes and length of snapshot.json
{ "signed" : ROLE,
"signatures" : [
{ "keyid" : KEYID,
"sig" : SIGNATURE }
, ... ]
}


where:

* ROLE is a dictionary whose "_type" field describes the role type.

* KEYID is the identifier of the key signing the ROLE dictionary.

* SIGNATURE is a hex-encoded signature of the canonical JSON form of ROLE.

0 comments on commit c80aefe

Please sign in to comment.