[Catalog-sig] PyPI/pip security: waiting for input

Daniel Holth dholth at gmail.com
Mon Mar 11 15:52:46 CET 2013


Super impressed after reading all the TUF papers and comparing it to
my own feeble proposal, they had addressed a whole bevy of problems
that I hadn't even thought of - infinite-length download attacks,
server-asserted timestamps, quorum signatures, sophisticated trust
delegation, consistency of all the metadata all the time ...

