
audit logs for root metadata changes #153

Open
doanac opened this issue Mar 4, 2022 · 0 comments


doanac commented Mar 4, 2022

Given the importance of the root metadata, changes made to it are quite important. I was recently tasked with keeping an audit log of such changes. The naive approach is to more or less add a new DB column and move on. However, when I start to think of the qualities such a solution needs, such as being tamper resistant, I start to wonder if this shouldn't be optionally supported (or even recommended) in the TUF spec? For example, maybe we could add a new optional attribute to the signed root metadata: reason. Maybe a free form string or some free form object. e.g.:

signed:
  _Type: Root
  expires: 2022-08-19T16:23:01Z
  version: 2
  reason: User(1234) rotated root key that were due to expire

then we add a new targets signing key and get

signed:
  _Type: Root
  expires: 2022-09-19T16:23:01Z
  version: 3
  reason: User(456) added targets keyid 1234

I'm not totally sure this belongs in the root metadata and might need to be its own new artifact. Just curious if people had thought about this and if there was interest in something along these lines?
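One way to make the proposed audit trail tamper-evident, as an added example that is not part of this issue or of the TUF project's code: each entry is derived from the difference between consecutive root versions (rather than trusting only the free-form description) and is hash-chained to the previous entry. The two ROOT_V* dicts are constructed, simplified metadata in the TUF "signed" layout; `reason` is the optional field proposed above.

```python
import hashlib
import json

# Constructed, simplified root metadata in the TUF "signed" layout (keys/roles only; signatures omitted).
ROOT_V2 = {"_type": "root", "version": 2, "expires": "2022-08-19T16:23:01Z",
           "keys": {"k_root": {}, "k_targets": {}},
           "roles": {"root": {"keyids": ["k_root"], "threshold": 1},
                     "targets": {"keyids": ["k_targets"], "threshold": 1}},
           "reason": "User(1234) rotated root keys that were due to expire"}
ROOT_V3 = {"_type": "root", "version": 3, "expires": "2022-09-19T16:23:01Z",
           "keys": {"k_root": {}, "k_targets": {}, "1234": {}},
           "roles": {"root": {"keyids": ["k_root"], "threshold": 1},
                     "targets": {"keyids": ["k_targets", "1234"], "threshold": 1}},
           "reason": "User(456) added targets keyid 1234"}

def canonical_digest(signed: dict) -> str:
    """Hash a canonical (sorted, compact) JSON form so an entry binds to exact content."""
    data = json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def role_changes(old: dict, new: dict) -> dict:
    """Derive added/removed keyids per role from the metadata itself."""
    changes = {}
    for role in sorted(set(old["roles"]) | set(new["roles"])):
        before = set(old["roles"].get(role, {}).get("keyids", []))
        after = set(new["roles"].get(role, {}).get("keyids", []))
        if before != after:
            changes[role] = {"added": sorted(after - before), "removed": sorted(before - after)}
    return changes

def append_entry(log: list, old: dict, new: dict) -> dict:
    """Append a hash-chained audit entry; each entry commits to the previous one."""
    if new["version"] != old["version"] + 1:
        raise ValueError("root version must increase by exactly one")
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"version": new["version"], "root_digest": canonical_digest(new),
             "changes": role_changes(old, new), "reason": new.get("reason", ""), "prev": prev}
    entry["entry_hash"] = canonical_digest(entry)
    log.append(entry)
    return entry

def verify_log(log: list) -> bool:
    """Recompute the chain; an edited or dropped entry breaks a prev/entry_hash link."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or canonical_digest(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True
```

Storing the chain head alongside (or inside) each signed root version, rather than only in the database, is what lets a client or auditor detect a rewritten history.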
