-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TUF expiry contains microseconds #103
Comments
Oooh nice! Thank you for finding this -- I can set to truncate at seconds |
@jku When you truncated to seconds, did you end up getting this error in
I'm just wondering whether that's what caused you to open theupdateframework/python-tuf#1866 or whether I'm hitting a different issue. |
I mean yes I found both issues while I was doing a manual interop testing round -- the issue you found is a related one: our error handling was quite poor. Current state to my knowledge is:
|
Ah thanks @jku, that makes sense. I missed the key format issues. |
Going to make a separate issue about the ECDSA key format -- this will be tough because root keys will have different key IDs if we immediately switching the encodings. |
From TUF specification:
To me this says that the expiry string should not contain microseconds. Current sigstore metadata contains microseconds: https://github.com/sigstore/root-signing/blob/main/repository/repository/2.root.json#L27
I'm not sure if defining expiry this strictly in the spec is useful but the definition seems clear and in python-tuf we currently implement the spec strictly so fail to deserialize this metadata.
The related python-tuf issue (we'll have to decide if we should support msecs or not): theupdateframework/python-tuf#1858
The text was updated successfully, but these errors were encountered: