Commit f9122f1

joshuagl authored and lukpueh committed
Remove slow retrieval attacks from protections
Section 1.5.2. Goals to protect against specific attacks lists the types of attacks on package managers which TUF protects against. For slow retrieval attacks, nothing in the specification provides any protections against this class of attack. For each other attack type there are protections within the specification that help prevent those attacks from being successful. Therefore, protecting against slow retrieval attacks becomes an aspiration for implementations and implementers are left to their own devices to determine how best to protect against these attacks.

Furthermore, implementing protections against slow retrieval attacks is a complex task for implementations which may be contrary to the desires of systems choosing to integrate TUF. Many existing software update systems choosing to integrate TUF will have their own tested network/download stack that they will not replace lightly.

Finally, AFAICT based on a quick perusal of go-tuf and Tough, only the reference implementation has attempted to implement protection against slow retrieval attacks. The reference implementation does not currently protect against slow retrieval attacks.

Signed-off-by: Joshua Lock <[email protected]>
1 parent 70c34df commit f9122f1

1 file changed, +0 -4 lines changed

tuf-spec.md

Lines changed: 0 additions & 4 deletions
@@ -183,10 +183,6 @@ repo](https://github.com/theupdateframework/specification/issues).
183183
software that is older than that which the client previously knew to be
184184
available.
185185

186-
+ **Slow retrieval attacks.** An attacker cannot prevent clients from
187-
being aware of interference with receiving updates by responding to
188-
client requests so slowly that automated updates never complete.
189-
190186
+ **Vulnerability to key compromises.** An attacker, who is able to
191187
compromise a single key or less than a given threshold of keys, cannot
192188
compromise clients. This includes compromising a single online key (such
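
Review bot: The deletion at old lines 186-189 drops the "Slow retrieval attacks" bullet from this list without leaving any statement in the visible text that the attack class is now out of scope. A reader of the resulting list cannot tell whether slow retrieval was considered and excluded or simply overlooked. Since the commit message says implementers are "left to their own devices", consider adding a short sentence near this list stating that defending against slow retrieval is the responsibility of the integrating update system's download stack, so integrators know they still need their own timeout and minimum-throughput handling. Because this commit touches only this one hunk in tuf-spec.md, also check the rest of the file for remaining references to slow retrieval attacks that would now contradict the list.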
