Explain why checking some hashes before signatures is ok?

[trishankatdatadog]

From this PR on php-tuf, I learned that it is not clear why the spec advises on checking snapshot/targets hashes from timestamp/snapshot before checking signatures. It looks unsafe until it is recalled that the hashes from previously verified snapshot/targets. Recently while independently implementing the spec, even I had some concern until I understood this. Should we clarify this?

HT @tedbow @davidstrauss

[tedbow]

Yeah I see why it is safe. But now I am wondering why it is preferable before checking the signature of the file first.

In this new PR on PHP-TUF I am suggesting always checking the signatures on the files first. The PR would actually make it more difficult to do anything with the loaded metadata files before checking the signatures because checking the signatures would moved into this process
// TUF-SPEC-v1.0.9 Section 5.3.2 $newSnapshotData = SnapshotMetadata::createFromJson($newSnapshotContents, $this->signatureVerifier);
So basically you couldn't get $newSnapshotData without having be verified.

But that would mean we couldn't do https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#5-detailed-workflows
step 5.4.1 and 5.4.2 in the order the spec suggests. Is there a reason they are in this order?

It just seems like it would be easier if "Check for an arbitrary software attack" was the first step for all files

[trishankatdatadog]

It just seems like it would be easier if "Check for an arbitrary software attack" was the first step for all files

It's why I opened this issue, to get feedback like this that would not have occurred to us