On Mon, May 19, 2014 at 07:24:39PM -0700, Tony Arcieri wrote: > If you really want secure updates, depending on your threat model doing it > correctly is a very difficult problem.
First, thanks for the pointer to the web site/paper/etc.: that's going to make for some interesting reading later today. Second, I think that the threat model, unfortunately, should include the presumption of pervasive monitoring of least connection metadata: source IP, destination IP, ports, time, duration, and traffic volume in each direction. I have the uncomfortable thought that even if we had a solution to the problems articulated by The Update Framework, that others would remain. Still, it's not at all a bad idea to solve the obvious ones that are in front of us while thinking about the others. ---rsk -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
