adrelanos: > adrelanos: >> Some time has passed, but I didn't forget about this one. :) >> >> intrigeri: >>> Hi, >>> >>> adrelanos wrote (02 Jan 2013 16:27:46 GMT) : >>>> I propose a mechanism to securely download project metadata, which >>>> includes censor resistance, prevents feeding old/outdated project >>>> metadata and load balancing. >>> >>> I suggest having a look at TUF, and especially their security >>> documentation: https://www.updateframework.com/wiki/Docs/Security. >> >> I did that and read pretty much everything about it. >> >> I contact them regarding this proposal, they are friendly people and >> have a private mailing list. Private as in, there is no public archive. >> So I can't link it and I am not sure it's polite to publish. In summary... >> >> What I describe was called by them a "permanent takedown threat" >> (temporary name in quotes, not sure that will be the final name). They >> are interested in it, they are not sure if they are already covering it >> or if they will address that in future and promised to get back to me. >> >> Whether they will cover this or not in future doesn't void my proposal. >> TUF assumes server software to be running on the mirror. >> >> What I proposed works on any web space. > > Polished that proposal a bit... > https://sourceforge.net/p/whonix/wiki/pdt/ > > I am going to ask the TUF people, if they are willing to have a look and > seeing any obvious points, where this design is failing.
Done. info at updateframework.com says that it looks good from a quick look. _______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
