(WIP) Update motivation

Signed-off-by: Aditya Sirish <[email protected]>

tap19.md

@@ -50,14 +50,31 @@ legislative process.
 The organization have developed a variant of TUF called The Archive Framework
 (TAF), designed to support Git repositories as targets rather than regular
 files. TAF uses a stand-in file representing each repository which records the
-specific commit ID. This file is then used as a target in TUF metadata.
+specific commit ID. This file is then used as a target in TUF metadata. This is
+redundant as the file is only used to determine the correct Git object to
+use--TAF already relies on Git's default content integrity protections. By
+moving this information into the TUF metadata, this redundancy can be
+eliminated.
 
 This particular use case can be generalized to supporting any Git repositories
 as Targets.
 
-## Use Case 2: IPFS as a Backend for Targets
+## Use Case 2: IPFS Artifacts
 
-TODO: John?
+IPFS provides a peer-to-peer protocol to store and transfer files. Every file is
+identified by a hash. Note that the identifier is not the hash of the file
+itself. IPFS represents each file as a series of individually addressed blocks
+and the identifier of the file as a whole encompasses all of these blocks.
+
+By supporting IPFS as a way to distribute artifacts from a repository, all of
+TUF's security properties can be applied except for the artifact integrity
+itself. When fetching a target, the client would verify all of the TUF metadata
+and then use the targets entry to determine which IPFS artifact to fetch.
+
+Finally, IPFS can be used to store the TUF metadata itself. TUF's Timestamp role
+can, in that case, address the latest Snapshot role using its IPFS address,
+Snapshot roles can similarly address Targets roles using their corresponding
+IPFS addresses, and so on.
 
 ## Use Case 3: Distributing Artifacts Using OSTree