Bug#934003: RFP: rget -- download URLs and verify the contents against a publicly recorded cryptographic log
Package: wnpp
Severity: wishlist
* Package name : rget
Version : 0.0.7
Upstream Author : Brandon Philips <brandon@ifup.org>
* URL : https://github.com/merklecounty/rget
* License : Apache-2
Programming Lang: Go
Description : download URLs and verify the contents against a publicly recorded cryptographic log
rget downloads URLs and verifies the contents against a publicly recorded
cryptographic log. The public log gives users of rget a number of useful
properties:
- Verifiability of a downloaded URL's contents being identical to what the
rest of the world sees
- Searchability of recorded content changes of a URL
- Notifications to any interested party about changes to the URLs contents
In practice the way the system works is a URL owner will publish the
cryptographic digests at a URL adjacent to the content a rget user is
downloading. The rget tool will download the digest and verify this digest
appears in the Certificate Transparency log via a specially crafted DNS
name.
More information at https://merklecounty.substack.com/p/rget-a-secure-download-user-story
Reply to: