Re: [Tails-dev] draft proposal: secure, censor resistant, d…

Author: adrelanos
Date:  
To: tails-dev
Subject: Re: [Tails-dev] draft proposal: secure, censor resistant, distributed project metadata, please review
adrelanos:
> Some time has passed, but I didn't forget about this one. :)
>
> intrigeri:
>> Hi,
>>
>> adrelanos wrote (02 Jan 2013 16:27:46 GMT) :
>>> I propose a mechanism to securely download project metadata, which
>>> includes censor resistance, prevents feeding old/outdated project
>>> metadata and load balancing.
>>
>> I suggest having a look at TUF, and especially their security
>> documentation: https://www.updateframework.com/wiki/Docs/Security.
>
> I did that and read pretty much everything about it.
>
> I contacted them regarding this proposal, they are friendly people and
> have a private mailing list. Private as in, there is no public archive.
> So I can't link it and I am not sure it's polite to publish. In summary...
>
> What I describe was called by them a "permanent takedown threat"
> (temporary name in quotes, not sure that will be the final name). They
> are interested in it, they are not sure if they are already covering it
> or if they will address that in future and promised to get back to me.
>
> Whether they will cover this or not in future doesn't void my proposal.
> TUF assumes server software to be running on the mirror.
>
> What I proposed works on any web space.


Polished that proposal a bit...
https://sourceforge.net/p/whonix/wiki/pdt/

I am going to ask the TUF people if they are willing to have a look and
see any obvious points where this design is failing.