When it comes to security of online update mechanisms and that of an index, TUF has a well designed scheme to be safe regardless of http and plan for eventual leak/theft of signing keys.
I'd suggest anyone interest to have a look.
Carsten Mattner via arch-general Mon, 31 Oct 2016 13:27:49 -0700
When it comes to security of online update mechanisms and that of an index, TUF has a well designed scheme to be safe regardless of http and plan for eventual leak/theft of signing keys.
I'd suggest anyone interest to have a look.