On Sun, Feb 10, 2013 at 11:30 PM, Giovanni Bajo <[email protected]> wrote:
> This is by far the biggest problem to be solved, and my document brings a
> proposal here. It would be great if the TUF guys reviewed it.

Ensuring we fully address the problems that are addressed by TUF is more important than the question of whether or not we use the TUF software itself.

However, the concern I have with your proposal is that I saw zero information regarding how it deals with attackers supplying old versions of software, or, indeed, any description of the threat model at all.

The parts of your proposal that I believe need to be closely reviewed are:

- GPG vs PKCS#1
- your custom trust model vs TUF target delegation
- any threats that TUF covers and your proposal does not

As far as the involvement TUF has had with other projects goes, I suspect this paper is at the heart of it: http://freehaven.net/~arma/tuf-ccs2010.pdf

You may be right that those other projects addressed their issues by fixing the schemes they already had, rather than adopting TUF directly. We're in a somewhat different situation to those projects though, since we don't currently have an end-to-end integrity checking scheme at all.

Cheers,
Nick.

--
Nick Coghlan | [email protected] | Brisbane, Australia
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
