[theamk]

Well, the reason TUF has to protect against all of the attacks is because it is choosing to support a varying set of requirements, including lack of SSL and insecure mirrors. Mender simply does not care about them, so it can be dramatically simpler:

- rollback attacks -- impossible since all comms are secure, and there are no untrusted mirrors

- freezes -- impossible, because SSL channel must be re-negotiated every time

- mix and match attacks -- nothing to mix+match, mender only does one file (rootfs)

- helps secure mirrors -- mender does not support 3rd party mirrors, so no need to secure them.

You can see it right on the TUF homepage: it claims to replace application, library package and system package managers. This is a lot of work, which requires a lot of complexity, and there is no need at all to pay that price if you do not need to.