Document ability to revoke / remove keys #85
Comments
Does
Ahh, did not know this command existed. It's not listed in the commands section of the documentation.
Ah, looks like that hasn't been updated recently. Do you want to update it? If not, we're happy to.
Sure, I can update the documentation to mention
@mnm678 - I believe we can close this one 👍
Fixed by #153
…amework#85) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.14.0 to 0.15.0. - [Commits](golang/sys@v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
`root.json` metadata is currently populated with the keys available in the `keys/<role>.json` files. For example, if one wishes to add a root key to `root.json`, the `tuf gen-key root` command is issued. The public key of the newly generated key is specified in `root.json` by gen-key. However, there isn't a command to remove a key from a specific role. I suppose one can generate a new `root.json` key file with only the keys desired; however, this likely requires manually editing files.

In addition, the tools should also support the ability to revoke keys for specific roles (i.e., not list their public key(s) in metadata), yet still sign metadata with the revoked keys to allow clients to successfully update. The specification goes into more detail about this aspect of key revocation and management:

> "To replace a compromised root key or any other top-level role key, the root role signs a new root.json file that lists the updated trusted keys for the role. When replacing root keys, an application will sign the new root.json file with both the new and old root keys until all clients are known to have obtained the new root.json file (a safe assumption is that this will be a very long time or never). There is no risk posed by continuing to sign the root.json file with revoked keys as once clients have updated they no longer trust the revoked key. This is only to ensure outdated clients remain able to update."
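The quoted rule is easiest to see with the client side written out. The following is an added example, not go-tuf's code and not the issue author's: a cut-down root role (`Root`, `SignedRoot`, `UpdateRoot` and the use of the hex public key as the key ID are all simplifications assumed here, and real root.json also carries expiry, spec version and the other roles' keys). A client holding root v1 accepts v2 only if v2 is signed by a threshold of v1's keys and a threshold of its own keys, which is why a rotation must carry both old and new signatures; once on v2, a signature from the old key alone is ignored because v2 no longer lists it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Root is a cut-down root role: trusted root key IDs and the signature
// threshold. Expiry, spec version and other roles' keys are omitted.
type Root struct {
	Version   int      `json:"version"`
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}

// SignedRoot is root metadata plus signatures indexed by key ID.
type SignedRoot struct {
	Signed     Root
	Signatures map[string][]byte
}

// Key is an ed25519 key pair. The key ID is just the hex public key here;
// go-tuf derives IDs differently (simplification for the example).
type Key struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

func NewKey() Key {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Key{Pub: pub, Priv: priv}
}

func (k Key) ID() string { return hex.EncodeToString(k.Pub) }

// payload is the signed byte string; json.Marshal of a struct is
// deterministic and stands in for TUF's canonical JSON.
func payload(r Root) []byte {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err)
	}
	return b
}

// Sign adds one signature per signer. During a rotation the signers are the
// OLD and NEW keys together even though only the new keys appear in r.KeyIDs.
func Sign(r Root, signers ...Key) SignedRoot {
	sr := SignedRoot{Signed: r, Signatures: map[string][]byte{}}
	msg := payload(r)
	for _, k := range signers {
		sr.Signatures[k.ID()] = ed25519.Sign(k.Priv, msg)
	}
	return sr
}

// countValid counts signatures that verify under keys listed in r. A signature
// from a key r does not list is simply ignored: that is what "revoked" means.
func countValid(r Root, sr SignedRoot) int {
	msg, n := payload(sr.Signed), 0
	for _, id := range r.KeyIDs {
		sig, ok := sr.Signatures[id]
		pub, err := hex.DecodeString(id)
		if !ok || err != nil || len(pub) != ed25519.PublicKeySize {
			continue
		}
		if ed25519.Verify(ed25519.PublicKey(pub), msg, sig) {
			n++
		}
	}
	return n
}

// UpdateRoot is the client rule from the spec passage above: the candidate must
// be signed by a threshold of the currently trusted root's keys AND a threshold
// of its own keys, and must be the next version (no rollback, no skipping).
func UpdateRoot(trusted Root, candidate SignedRoot) (Root, error) {
	if candidate.Signed.Version != trusted.Version+1 {
		return trusted, fmt.Errorf("expected root version %d, got %d", trusted.Version+1, candidate.Signed.Version)
	}
	if countValid(trusted, candidate) < trusted.Threshold {
		return trusted, errors.New("new root not signed by a threshold of currently trusted root keys")
	}
	if countValid(candidate.Signed, candidate) < candidate.Signed.Threshold {
		return trusted, errors.New("new root not signed by a threshold of its own keys")
	}
	return candidate.Signed, nil
}

func main() {
	oldKey, newKey := NewKey(), NewKey()
	v1 := Root{Version: 1, KeyIDs: []string{oldKey.ID()}, Threshold: 1}
	v2 := Root{Version: 2, KeyIDs: []string{newKey.ID()}, Threshold: 1} // rotation: old key dropped
	_, err := UpdateRoot(v1, Sign(v2, newKey))
	fmt.Println("v2 signed by new key only, v1 client:", err)
	cur, err := UpdateRoot(v1, Sign(v2, oldKey, newKey))
	fmt.Println("v2 signed by old+new keys, v1 client:", err, cur.Version)
	v3 := Root{Version: 3, KeyIDs: []string{oldKey.ID()}, Threshold: 1}
	_, err = UpdateRoot(cur, Sign(v3, oldKey)) // revoked key alone cannot re-enter
	fmt.Println("v3 signed by revoked key only, v2 client:", err)
}
```

The second `countValid` check is what prevents a half-finished rotation: a v2 signed only by the old key would satisfy outdated clients but would leave nobody able to verify that the new key actually exists, so it is rejected too.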