adrelanos:
> Some time has passed, but I didn't forget about this one. :)
>
> intrigeri:
>> Hi,
>>
>> adrelanos wrote (02 Jan 2013 16:27:46 GMT) :
>>> I propose a mechanism to securely download project metadata, which
>>> includes censor resistance, prevents feeding old/outdated project
>>> metadata and load balancing.
>>
>> I suggest having a look at TUF, and especially their security
>> documentation: https://www.updateframework.com/wiki/Docs/Security.
>
> I did that and read pretty much everything about it.
>
> I contacted them regarding this proposal, they are friendly people and
> have a private mailing list. Private as in, there is no public archive.
> So I can't link it and I am not sure it's polite to publish. In summary...
>
> What I describe was called by them a "permanent takedown threat"
> (temporary name in quotes, not sure that will be the final name). They
> are interested in it, they are not sure if they are already covering it
> or if they will address that in future and promised to get back to me.
>
> Whether they will cover this or not in future doesn't void my proposal.
> TUF assumes server software to be running on the mirror.
>
> What I proposed works on any web space.

Polished that proposal a bit...

https://sourceforge.net/p/whonix/wiki/pdt/

I am going to ask the TUF people if they are willing to have a look and
see any obvious points where this design is failing.

_______________________________________________
tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
