- Find and agree on trust roots (Trust roots should be major stakeholders in the minecraft modded ecosystem)
- Establish guidelines on what is needed to consider an identity verified
- Write up a specification on how this infrastructure will work
- Modrinth
- GDLauncher
We need preferably HSMs for people who are operating a trust root, this increases the security of the root key which if compromised, can cause a massive disaster.
Its important for the trust roots to have a history of good security, and properly responding to security reports on-time.