Comparing TUF and Transparent Logs

Marina Moore

Jan 16, 2020, 5:14:20 PM
to theupdate...@googlegroups.com, Trishank Kuppusamy
Hi,

A few of us at NYU have been working on a comparison between TUF and Transparent Logs (like Certificate Transparency). We created a document (https://docs.google.com/document/d/1gyy7sdR6RZtIWwrlKHVSJOvO0cnKTDMcgOPl6yDgmgM) that describes how the threat model for each of these approaches differs and the benefits gained from each technology. They can both be used to protect against tampering with packages, but provide different specific benefits.

If you are interested, feel free to take a look and leave us some feedback on the document, or share it with others if this topic ever comes up in discussions about TUF.

Thanks,
Marina

Trishank Kuppusamy

Jan 16, 2020, 5:19:09 PM
to Marina Moore, The Update Framework (TUF)
Awesome, thanks for sharing, Marina!

Sumana Harihareswara

Jan 16, 2020, 5:21:01 PM
to The Update Framework (TUF)
Thanks for writing this and sharing it, TUF team!

If this is going to be a document that is long-lived and that people are meant to share with each other, I hope it will move soon to https://theupdateframework.com/ or https://ssl.engineering.nyu.edu/blog/ and have a meaningful URL, byline, clear "posted/last updated" date, and so on. If it's part of the TUF documentation at https://theupdateframework.com/ then it'll be reasonably easy to update it with pull requests.

-Sumana Harihareswara

Trishank Kuppusamy

Jan 17, 2020, 1:26:04 PM
to Sumana Harihareswara, Marina Moore, Lois Anne Delong, The Update Framework (TUF)
On Thu, Jan 16, 2020 at 5:21 PM Sumana Harihareswara <con...@changeset.nyc> wrote:

If this is going to be a document that is long-lived and that people are meant to share with each other, I hope it will move soon to https://theupdateframework.com/ or https://ssl.engineering.nyu.edu/blog/ and have a meaningful URL, byline, clear "posted/last updated" date, and so on. If it's part of the TUF documentation at https://theupdateframework.com/ then it'll be reasonably easy to update it with pull requests.

💯

We will await feedback on the Google Doc today, but will move it to a blog post (thanks to +Marina Moore and +Lois Anne Delong) early next week...

Trishank Kuppusamy

Feb 3, 2020, 7:44:14 PM
to Sumana Harihareswara, Marina Moore, Lois Anne Delong, The Update Framework (TUF)
The blog post is finally here:


Fire away, especially if you spot any mistake or misunderstanding!