A successful RustConf 2024 consumed a bunch of the team's time this month, but we definitely got some wins this month. One win in particular was an agreement to use TUF for crate signing and mirroring.
A breakthrough occurred at RustConf 2024 - discussion between Foundation security initiative members and some members of the Rust Project agreed in principle that implementing The Update Framework (TUF) for Rust was the best way to move forward with crate signing and mirroring. This would replace the original proposal outlined in the PKI RFC. This agreement in principle amongst the affected parties is actually a big milestone for progress. Now to get all this in writing and hopefully implemented.
There are some technical hurdles to overcome to make this goal of using TUF achievable. One of these hurdles is ensuring that the size of the crate payload metadata is not increased at a noticeable rate. Right now it is estimated that, as-is, 1MB of data would be appended every time the crate index was updated (which is about once a minute), and we want to try to reduce that, if possible. In order to reduce the payload size required to successfully use TUF for Rust, we want to implement TAP16. TAP16 “proposes a method for reducing the size of snapshot metadata a client must download without significantly weakening the security properties of TUF”, by using Merkle trees.
Tobias has pushed his implementation of notifying crate owners when their crates have been published, including, to avoid potential notification overload backlash, a mechanism to opt-out, if desired. These notification emails will allow crate owners to ensure that no one is publishing their crates without their knowledge.
The Rust Infrastructure Threat Model has identified the lack of out-of-band backups for critical data assets of the Rust project as a major threat. JD and Marco are working on mirroring all Rust releases and crates into a separate infrastructure on Google Cloud Platform (GCP).
We are starting to explore, based on the Rust Infrastructure Threat Model (https://docs.google.com/document/d/10Qlf8lk7VbpWhA0wHqJj4syYuUVr8rkGVM-k2qkb0QE/), the best way to enforce Multi-factor Authentication (MFA) on critical Rust infrastructure, from using one-time passwords to hardware tokens.
RustConf 2024 took place from 10 September - 13 September in Montreal, Quebec, Canada. One of the highlights of that conference was the conference extension Rust Global where Walter gave a talk called "Dude Where's My C?" to a filled room. Using Painter data, this talk discussed the statistics and implications of externally-linked code across the crates ecosystem. The video of the presentation should be posted in the next couple of weeks.
The C++/Rust Interop problem statement and high-level strategy is in its final stages of feedback and iteration. We expect this to be published to the public in October.
The first official meeting of the Safety Critical Rust Consortium occurred on 10 September in Montreal, Quebec, Canada, coinciding with the beginning of RustConf.
Over 30 people attended, both in-person and virtually, from various companies and entities interested in ensuring that Rust can be used in safety critical applications. The meeting was a success with a mission being established, subcommittees being formed and excitement for future in-person meetings.
Infrastructure for the consortium such as GitHub repos, membership requirements and other governance is in the process of being setup, including chairs for the subcommittees.
The next in-person meeting is tentatively scheduled for Rust Nation in early 2025.
Moved the links to these to the README for persistent access.