adrelanos: > adrelanos:
>> Some time has passed, but I didn't forget about this one. :)
>>
>> intrigeri:
>>> Hi,
>>>
>>> adrelanos wrote (02 Jan 2013 16:27:46 GMT) :
>>>> I propose a mechanism to securely download project metadata, which
>>>> includes censor resistance, prevents feeding old/outdated project
>>>> metadata and load balancing.
>>>
>>> I suggest having a look at TUF, and especially their security
>>> documentation: https://www.updateframework.com/wiki/Docs/Security.
>>
>> I did that and read pretty much everything about it.
>>
>> I contact them regarding this proposal, they are friendly people and
>> have a private mailing list. Private as in, there is no public archive.
>> So I can't link it and I am not sure it's polite to publish. In summary...
>>
>> What I describe was called by them a "permanent takedown threat"
>> (temporary name in quotes, not sure that will be the final name). They
>> are interested in it, they are not sure if they are already covering it
>> or if they will address that in future and promised to get back to me.
>>
>> Whether they will cover this or not in future doesn't void my proposal.
>> TUF assumes server software to be running on the mirror.
>>
>> What I proposed works on any web space.
>
> Polished that proposal a bit...
> https://sourceforge.net/p/whonix/wiki/pdt/ >
> I am going to ask the TUF people, if they are willing to have a look and
> seeing any obvious points, where this design is failing.
Done. info at updateframework.com says that it looks good from a quick look.