uptane/uptane-standard

Slow retrieval attack protection

Closed this issue · 2 comments

In the threat model, we state that Uptane protects against slow retrieval attacks. However, full protection against slow retrieval attacks requires cooperation from the network stack, which is not described in the standard and is probably out of scope for Uptane. For this reason, we recently removed slow retrieval attacks from the TUF specification (see theupdateframework/specification#111). To resolve this, we can do one of two things:

  • Remove slow retrieval attacks from the threat model (and perhaps move them to the Deployment Best Practices)

  • Add a requirement for ECUs to detect and prevent slow retrieval attacks.

This might be something to discuss for 2.0.

My inclination is to do option 1, but I would like to hear from those who better understand the issue.

In the 11/24 standards call, we decided to add a SHOULD to the standard to address slow retrieval attacks.
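
Added example, not part of the issue thread or the Uptane standard: one way a client could detect a slow retrieval is to enforce an average-throughput floor on each download, sketched here in Python. The function names, the thresholds, the fake clock and the simulated sender are all assumptions constructed for illustration.

```python
import time

class SlowRetrievalError(Exception):
    """The transfer fell below the configured throughput floor."""

def guarded_download(chunks, expected_length, min_bytes_per_sec=1024.0,
                     grace_seconds=5.0, clock=time.monotonic):
    # Thresholds are assumptions for this example, not values from Uptane.
    # The check runs only when a chunk arrives, so the transport must still
    # enforce a per-read timeout (the network-stack cooperation in the issue).
    start, received = clock(), bytearray()
    for chunk in chunks:
        received += chunk
        if len(received) > expected_length:
            raise ValueError("more data than the metadata declared")
        elapsed = clock() - start
        # Average rate since start: trickling bytes just often enough to
        # reset a per-read timeout still fails this test.
        if elapsed > grace_seconds and len(received) / elapsed < min_bytes_per_sec:
            raise SlowRetrievalError(f"{len(received)} bytes in {elapsed:.1f}s")
        if len(received) == expected_length:
            return bytes(received)
    raise ValueError("stream ended before the declared length")

class FakeClock:
    """Constructed test clock so the example runs instantly and offline."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

def simulated_source(clock, data, chunk_size, delay):
    """Constructed sender: yields chunk_size bytes every delay seconds."""
    for i in range(0, len(data), chunk_size):
        clock.now += delay
        yield data[i:i + chunk_size]

def demo():
    image = bytes(8192)  # constructed stand-in for an update image
    fast, slow = FakeClock(), FakeClock()
    ok = guarded_download(simulated_source(fast, image, 1024, 0.1), len(image), clock=fast)
    try:  # one byte every 4 s never trips a hypothetical 5 s per-read timeout
        guarded_download(simulated_source(slow, image, 1, 4.0), len(image), clock=slow)
        verdict = "accepted"
    except SlowRetrievalError:
        verdict = "aborted"
    return len(ok), verdict
```

A sender that stops sending entirely never reaches the rate check, which is why the floor has to be paired with a read timeout in the layer that produces the chunks.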