The Update Framework (TUF)




This repository offers an implementation of The Update Framework (TUF) specification. Any reference to 'notary' within this repository refers to the client and server implementation that aligns with the TUF specification.

The Primary Application of This Implementation

The primary application of this implementation is in Docker Content Trust (DCT).

The First Release: v0

Version 0 was officially released in November 2015.

Overview of the Repository

This repository consists of a server and a client for running and interacting with trusted collections. For additional details, please refer to the service architecture documentation.

The Goal is to Enhance Internet Security

The goal is to enhance the security of the internet by making it easier for people to publish and verify content. We frequently depend on TLS to secure our communications with a web server. However, this approach has an inherent flaw: if the server is compromised, malicious content can be substituted for the legitimate content. Publishers have the option to sign their content offline, using keys that are kept highly secure. When the publisher is ready to share their content, they can upload their signed trusted collection to the notary server. Consumers, who have obtained the publisher's public key through a secure channel, can then interact with any notary server or (insecure) mirror, relying on...