Without taking a position on the particular technology being proposed (which I haven't looked at yet), I am happy to hear that I am not the only one thinking about this. Of course we already have examples of mechanisms that do authenticated integrity checking of content—e.g., RPM, bittorrent and debian's apt—but these have not been generalized into a service that would solve the problem we are talking about here. I'm curious to know whether anybody besides Dave and me thinks this is a problem worth solving.