Without taking a position on the particular technology being proposed (which I
haven't looked at yet), I am happy to hear that I am not the only one thinking
about this. Of course we already have examples of mechanisms that do
authenticated integrity checking of content—e.g., RPM, bittorrent and debian's
apt—but these have not been generalized into a service that would solve the
problem we are talking about here. I'm curious to know whether anybody
besides Dave and me thinks this is a problem worth solving.