I didn't do a deep dive, but it looks like the "simple signing" design from Fedora would enable an attacker that has compromised the signing server to compromise user devices (even with HSMs, etc.).  I also wasn't sure if there was a secure way to do key revocation in the case where an incident did occur.  These sorts of issues happen a lot more than one would expect [1-5] plus see [6] for dozens of other incidents.

TUF is designed to handle exactly these kinds of incidents while still retaining a high degree of security.  Actually, many ideas in TUF came out of security issues we found in YUM, APT, and other package managers [7,8].  We integrated ideas from an earlier system of ours into YUM, APT, YaST, Pacman, etc. back around 2009.

I'd be happy to talk more if there are any questions or thoughts, but want to keep this being too long or from rambling too far off-topic...

Thanks,

Justin  

[1] https://lists.fedoraproject.org/pipermail/announce/2011-January/002911.html

[2] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

[3] https://www.debian.org/News/2003/20031202

[4] https://forums.gentoo.org/viewtopic.php?t=111779

[5] https://www.freebsd.org/news/2012-compromise.html

[6] https://ssl.engineering.nyu.edu/papers/kuppusamy_nsdi_16.pdf

[7] https://ssl.engineering.nyu.edu/papers/cappos_mirror_ccs_08.pdf

[8] https://ssl.engineering.nyu.edu/papers/cappos_pmsec_tr08-02.pdf

_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc