Hi there! Several years ago I opened this crates.io issue on a security model, and let me just say it's very exciting to see proposed Sigstore integrations.
You mention TUF, and separately posit this open question:
Should crates.io use the signing information to enforce that the signature of crate-to-be-published matches the publisher?
I think it'd be great to start working on the machinery of Sigstore for AuthN / crate signing (and the workflow looks great), but it really needs an associated AuthZ policy to be useful, as this blog post highlights:
https://blog.sigstore.dev/signatus-ergo-securus-who-can-sign-what-with-tuf-and-sigstore-ea4d3d84b8b6
As it were, there are some early discussions happening on the Cargo team right now on potentially using TUF for things like (sparse) index signing.
You do mention TUF repeatedly in the pre-RFC, including the index signing work and various potential integrations. I guess what I think is missing here specifically is a future work statement which describes how TUF could be used for AuthZ in a system where Sigstore is used for AuthN, answering the open question you posed about this, e.g. how TUF's delegated targets feature could provide AuthZ policies which specify which crates.io users (and their associated GitHub OIDC identities) are allowed to sign which particular crates.
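To make the AuthZ idea in the comment above concrete, here is an added example (not part of the original comment, and not code from crates.io, Cargo, Sigstore or any TUF implementation). It models TUF-style delegated targets where each delegated role lists crate-name patterns and, in place of TUF's `keyids`, the Sigstore/OIDC identities (issuer plus certificate subject) allowed to sign those crates, with TUF's ordered, `terminating` delegation walk deciding which roles are consulted. The `identities` field, the role names, the issuer URLs and the identities are all constructed for illustration; how OIDC identities would actually be bound to TUF roles is exactly the open design question the comment raises.

```python
"""Toy AuthZ check: which Sigstore identity may sign which crate.

Constructed illustration of "TUF delegated targets as an AuthZ policy
over Sigstore identities". The metadata shape loosely follows TUF's
"delegations" object; the "identities" list is a hypothetical stand-in
for TUF's keyids/keys and is not part of the TUF specification.
"""
from fnmatch import fnmatchcase

# Constructed delegated-targets metadata. Roles are evaluated in order;
# a "terminating" role that matches the crate name stops the search, so
# the catch-all role at the end only applies to crates no earlier
# terminating role claimed.
DELEGATIONS = {
    "roles": [
        {
            "name": "serde-maintainers",
            "paths": ["serde", "serde_*"],
            "terminating": True,
            "identities": [
                {"issuer": "https://github.com/login/oauth",
                 "subject": "alice@example.com"},
            ],
        },
        {
            "name": "tokio-release-ci",
            "paths": ["tokio", "tokio-*"],
            "terminating": True,
            "identities": [
                # A GitHub Actions workflow identity in the form Fulcio puts
                # in the certificate SAN; the ref part is globbed so only
                # tag builds of the release workflow are authorized.
                {"issuer": "https://token.actions.githubusercontent.com",
                 "subject": "https://github.com/tokio-rs/tokio/.github/"
                            "workflows/release.yml@refs/tags/*"},
            ],
        },
        {
            "name": "all-crates-fallback",
            "paths": ["*"],
            "terminating": False,
            "identities": [
                {"issuer": "https://github.com/login/oauth",
                 "subject": "release-bot@example.com"},
            ],
        },
    ]
}


def matching_roles(crate_name, delegations=DELEGATIONS):
    """Roles consulted for crate_name, in delegation order, honoring
    the terminating flag the way a TUF client walks delegations."""
    roles = []
    for role in delegations["roles"]:
        if any(fnmatchcase(crate_name, pat) for pat in role["paths"]):
            roles.append(role)
            if role.get("terminating", False):
                break
    return roles


def identity_allowed(identity, allowed):
    """Issuer must match exactly; the subject may be a glob pattern."""
    return (identity["issuer"] == allowed["issuer"]
            and fnmatchcase(identity["subject"], allowed["subject"]))


def authorized_role(crate_name, identity, delegations=DELEGATIONS):
    """Name of the first role authorizing identity to sign crate_name,
    or None (default deny) if no consulted role lists that identity."""
    for role in matching_roles(crate_name, delegations):
        if any(identity_allowed(identity, a) for a in role["identities"]):
            return role["name"]
    return None


if __name__ == "__main__":
    alice = {"issuer": "https://github.com/login/oauth",
             "subject": "alice@example.com"}
    bot = {"issuer": "https://github.com/login/oauth",
           "subject": "release-bot@example.com"}
    print("serde_json by alice:", authorized_role("serde_json", alice))
    print("serde by bot:", authorized_role("serde", bot))
    print("rand by bot:", authorized_role("rand", bot))
```

The check that matters here is the one a signature alone cannot give you: a valid Sigstore signature from `release-bot@example.com` on `serde` is still rejected, because the terminating `serde-maintainers` delegation claims that name and does not list the bot. Swapping the issuer while keeping the same subject string is also rejected, since the policy keys on the (issuer, subject) pair, not on the e-mail or URI alone.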