Some time has passed, but I didn't forget about this one. :)
intrigeri:
> Hi,
>
> adrelanos wrote (02 Jan 2013 16:27:46 GMT) :
>> I propose a mechanism to securely download project metadata, which
>> includes censor resistance, prevents feeding old/outdated project
>> metadata and load balancing.
>
> I suggest having a look at TUF, and especially their security
> documentation: https://www.updateframework.com/wiki/Docs/Security.
I did that and read pretty much everything about it.
I contact them regarding this proposal, they are friendly people and
have a private mailing list. Private as in, there is no public archive.
So I can't link it and I am not sure it's polite to publish. In summary...
What I describe was called by them a "permanent takedown threat"
(temporary name in quotes, not sure that will be the final name). They
are interested in it, they are not sure if they are already covering it
or if they will address that in future and promised to get back to me.
Whether they will cover this or not in future doesn't void my proposal.
TUF assumes server software to be running on the mirror.
What I proposed works on any web space.
> Its implementation did not look mature enough when we started to
> implement Tails incremental updates, but it was a year ago, so perhaps
> things have changed significantly since then :)
>
> (I can't remember nor find if I suggested it already, so I beg your
> pardon if I'm repeating myself.)
>
> Cheers,
