Link to my Medium blog post on TUF

mulgu...@gmail.com

Aug 19, 2020, 2:32:53 AM
to The Update Framework (TUF)
Hi folks,

Here's the link to my Medium blog post on TUF. As the post was getting too lengthy--more than 3000 words--I have broken it into two parts.

Part 1 covers why securing the entire software update delivery system is needed, how TUF works to provide this security, the design principles that underpin TUF, and its structure.

Part 2, which I am yet to finish, will cover metadata file formats and repository layout.

Please do read and let me know if I have made any mistakes.


Thanks Lukas, for helping me out whenever I needed it.

Regards
Prashanth

Lukas Puehringer

Aug 19, 2020, 2:51:04 AM
to theupdate...@googlegroups.com
Thanks for spreading the word about TUF, Prashanth! I hope you don't mind me
sharing the blog post on TUF's CNCF slack channel?

Also, you are very welcome to shoot me more questions when you write Part 2 ...
or in case you want to write a blog post about TUF's sister project 'in-toto',
which helps to protect the rest of the software supply chain. ;)

Cheers,
Lukas

[1] https://in-toto.io/


On 19.08.2020 8:32 AM, mulgu...@gmail.com wrote:
> Hi folks,
>
> Here's the link to my Medium blog post on TUF. As the post was getting too
> lengthy--more than 3000 words--I have broken it into two parts.
>
> Part 1 covers why securing the entire software update delivery system is
> needed, how TUF works to provide this security, the design principles that
> underpin TUF, and its structure.
>
> Part 2, which I am yet to finish, will cover metadata file formats and
> repository layout.
>
> Please do read and let me know if I have made any mistakes.
>
> https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-1-f9bbb34bcbbc
>
> Thanks Lukas, for helping me out whenever I needed it.
>
> Regards
> Prashanth
>

--
lukas.pu...@nyu.edu
PGP fingerprint: 8BA6 9B87 D43B E294 F23E 8120 89A2 AD3C 07D9 62E8

mulgu...@gmail.com

Aug 19, 2020, 4:04:22 AM
to The Update Framework (TUF)
You're welcome Lukas! Please do share, you would be doing me a favor.

Thanks, will definitely ask in case I have doubts.

I remember reading about in-toto a while back and thinking, yup this is needed too. About a blog on in-toto, can't commit to it right now but will definitely keep it in my mind; thanks for the suggestion. :-)  Uptane also interests me as I am also into IoT.

Regards
Prashanth

Lois A DeLong

Aug 19, 2020, 11:29:10 AM
to The Update Framework (TUF)
Hello, Prashanth. I look forward to reading your article. We will get this link posted on our Secure Systems Lab web site as well. We maintain lists with links of media coverage of our projects. So that may give the blog a bit of a boost as well.

Thanks.


Lois Anne DeLong
NYU Tandon/SSL 

mulgu...@gmail.com

Aug 19, 2020, 12:04:26 PM
to The Update Framework (TUF)
Thanks Lois! That should definitely help. Much appreciated.

Regards
Prashanth

mulgu...@gmail.com

Sep 1, 2020, 6:26:59 AM
to The Update Framework (TUF)
Hi folks,

Have published part two of my blog post on TUF. Link:

Part two focuses on metadata file format and repository layout generated by the reference implementation.

Please do read and let me know if I have made any mistakes.

Thanks & Regards
Prashanth

Trishank Karthik Kuppusamy

Sep 1, 2020, 10:15:57 AM
to mulgu...@gmail.com, The Update Framework (TUF)
On Tue, Sep 1, 2020 at 6:27 AM mulgu...@gmail.com <mulgu...@gmail.com> wrote:

> Have published part two of my blog post on TUF. Link:
>
> Part two focuses on metadata file format and repository layout generated by the reference implementation.
>
> Please do read and let me know if I have made any mistakes.

Fantastic, thanks! Will read and comment. This is going to be very useful, I imagine, to people new to TUF... 

mulgu...@gmail.com

Sep 1, 2020, 11:17:50 AM
to The Update Framework (TUF)
Thanks Trishank! Hopefully it will serve as a detailed introduction to TUF, and then people can move on to the TUF Specification to understand in depth. 

Regards
Prashanth

Trishank Karthik Kuppusamy

Sep 1, 2020, 11:34:56 AM
to mulgu...@gmail.com, The Update Framework (TUF)
On Tue, Sep 1, 2020 at 11:17 AM mulgu...@gmail.com <mulgu...@gmail.com> wrote:
> Thanks Trishank! Hopefully it will serve as a detailed introduction to TUF, and then people can move on to the TUF Specification to understand in depth.

We should add these blog posts to the homepage

mulgu...@gmail.com

Sep 1, 2020, 11:42:52 AM
to The Update Framework (TUF)
Sure, will do that.

mulgu...@gmail.com

Sep 2, 2020, 7:50:20 AM
to The Update Framework (TUF)
Have created a PR (issue): https://github.com/theupdateframework/theupdateframework.io/issues/13

Went through the first five pages of a Google search and found quite a few blog posts; some of them are really good--no, I am not talking about my blog post :-D.  Have added the title and links of those blog posts into the PR.

Lois A DeLong

Sep 2, 2020, 11:35:23 AM
to The Update Framework (TUF)
Adding these groups to the site is a good idea, but let me ask a mechanical question. Do we have the right to re-post this material? Sorry if this sounds like an ignorant question, but I spent too many years in traditional publishing where submissions to one magazine or journal required permission to republish. While I know that technically this is not republishing, as we are only posting a link to the existing article, I still felt it was a question we needed to ask.

Lois

Sumana Harihareswara

Sep 2, 2020, 11:40:17 AM
to The Update Framework (TUF)
Yes, anyone on the Web has the right to link to any other resource publicly available on the Web. Deep-linking is legal and permissible: https://www.dmlp.org/legal-guide/linking-copyrighted-materials