Clarify rollback attack prevention and fast-forward attack recovery#86
Closed
lukpueh wants to merge 12 commits intotheupdateframework:masterfrom
Closed
Clarify rollback attack prevention and fast-forward attack recovery#86lukpueh wants to merge 12 commits intotheupdateframework:masterfrom
lukpueh wants to merge 12 commits intotheupdateframework:masterfrom
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR combines and updates #72, which clarifies the verification routines for delegated targets, and #74 and #85, which fix #71, i.e. resolve ambiguity around rotating keys and deleting metadata, in order to recover from fast-forward attacks, by temporarily disabling rollback attack checks.
Pre-requisite
Takeover of #72
Takeover of #85