Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Threat Model with Blob Signing scenarios #296

Open
rgnote opened this issue Feb 20, 2024 · 0 comments
Open

Update Threat Model with Blob Signing scenarios #296

rgnote opened this issue Feb 20, 2024 · 0 comments
Assignees
@priteshbandi
Milestone
Future

Comments

@rgnote
Copy link
Contributor

rgnote commented Feb 20, 2024

One of the scenario was discussed in #283 (comment)
We need to update the threat model to call out that a signed blob artifact can be transformed as a signed OCI image and an adversary can lower the security of the hashing algorithm selected notation.
@rgnote rgnote mentioned this issue Feb 20, 2024
Merged
@yizha1 yizha1 added this to the 1.1.0 milestone Mar 5, 2024
@yizha1 yizha1 modified the milestones: 1.1.0, 1.2.0 Aug 6, 2024
@yizha1 yizha1 modified the milestones: 1.2.0, Future Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@priteshbandi priteshbandi

Labels
None yet
Projects
None yet
Milestone
Future
Development

No branches or pull requests
3 participants
@rgnote @priteshbandi @yizha1