slsa-framework/slsa

Clarify 'Tamper with provenance or VSA' threat


*Threat:* Issue an attestation that purposefully misrepresents the subject.

Originally posted by @zachariahcox in #1191 (comment)

I don't think this is quite right. In examples 1 and 2, the threat described is that an existing attestation is tampered with; the mitigation described detects these problems because the attacker cannot modify the valid attestations without invalidating the expected signatures.

However, I think 'example 3' should probably be captured in a threat by itself, as that deals with expectations mismatching, which is usually captured elsewhere.
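Added example (not part of the original issue or of the SLSA project's code): a sketch of the two checks the comment distinguishes, signature verification that catches modification of an existing attestation and a separate expectations check on validly signed content. Assumptions: HMAC-SHA256 stands in for the builder's real signature scheme, the statement layout is simplified, and `sourceRepo`, the key, and all sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"            # stand-in for the builder's signing key
PAYLOAD_TYPE = "application/vnd.in-toto+json"

def pae(payload_type, body):
    """DSSE pre-authentication encoding over payload type and body."""
    t = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(body), body)

def statement(artifact_sha256, repo):
    # Simplified in-toto style statement; "sourceRepo" is a hypothetical field.
    return {"subject": [{"name": "app.tar.gz", "digest": {"sha256": artifact_sha256}}],
            "predicate": {"sourceRepo": repo}}

def sign(stmt, key=KEY):
    body = json.dumps(stmt, sort_keys=True).encode()
    sig = hmac.new(key, pae(PAYLOAD_TYPE, body), hashlib.sha256).hexdigest()
    return {"payloadType": PAYLOAD_TYPE,
            "payload": base64.b64encode(body).decode(), "sig": sig}

def verify_signature(env, key=KEY):
    """Detects modification of an existing attestation."""
    body = base64.b64decode(env["payload"])
    want = hmac.new(key, pae(env["payloadType"], body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(want, env["sig"])

def meets_expectations(env, artifact_sha256, expected_repo):
    """Separate check: does the signed content match what the verifier expects?"""
    stmt = json.loads(base64.b64decode(env["payload"]))
    digests = [s["digest"]["sha256"] for s in stmt["subject"]]
    return artifact_sha256 in digests and stmt["predicate"]["sourceRepo"] == expected_repo

# Constructed sample data
ARTIFACT = hashlib.sha256(b"constructed artifact bytes").hexdigest()
REPO = "https://example.com/org/repo"
good = sign(statement(ARTIFACT, REPO))

# Case A: payload of an existing attestation altered, original signature kept.
altered = json.dumps(statement(ARTIFACT, "https://example.com/other/repo")).encode()
tampered = dict(good, payload=base64.b64encode(altered).decode())

# Case B: validly signed attestation whose content does not match expectations.
mismatched = sign(statement(ARTIFACT, "https://example.com/other/repo"))

if __name__ == "__main__":
    for name, env in [("good", good), ("tampered", tampered), ("mismatched", mismatched)]:
        print(name, verify_signature(env), meets_expectations(env, ARTIFACT, REPO))
```

Case A fails at `verify_signature`, while Case B passes it and is only rejected by `meets_expectations`.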