| author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-03-23 16:50:12 +0100 | 
|---|---|---|
| committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-03-23 16:50:12 +0100 | 
| commit | 7c08fc4667a56f1e630e382d7fa45b4edd5c2f0f (patch) | |
| tree | 7fc52acd99506aa939171fcecceb216914e4a86c | |
| parent | 799177cc3a591916b3ae028d7dde9df388cd7a08 (diff) | |
fixed README.md nits (#1)
- Replaced "checksum covers" with "checksum represents" (less ambiguous)
- Removed extra examples that may be confusing in the first bullet list,
i.e., one can log many more things than checksums of executable binaries.
- Clarified that "something opaque" means a data item of opaque type.
| -rw-r--r-- | README.md | 19 | 
1 files changed, 9 insertions, 10 deletions
| @@ -1,12 +1,11 @@  # System Transparency Front-End (STFE)  STFE is a [Trillian](https://transparency.dev/#trillian)  [personality](https://github.com/google/trillian/blob/master/docs/Personalities.md) -that allows you to log signed checksums.  What a checksum covers is up to the -submitter.  For example, it could be a Firefox update, a Debian package, or a -document.  A log leaf contains: -- A _checksum_ that covers something opaque, e.g., an executable binary. -- An _identifier_ that is tied to what the checksum represents, e.g., name, -version, and platform. +that allows you to log signed checksums.  What a checksum represents is up to +the submitter.  For example, it could be a Firefox update, a Debian package, or +a document.  A log leaf contains: +- A _checksum_ that represents a data item of opaque type. +- An _identifier_ that is tied to what the checksum represents.  - A _signature_ that covers `checksum` and `identifier` using the submitter's  secret signing key.  - A _namespace_ that is tied to the submitter's verification key, e.g., think of @@ -87,10 +86,10 @@ checksums.  As far as we can tell the log's leaf entry must at minimum indicate:  2. What opaque data does the checksum _refer to_ such that the log entry can be  analyzed by monitors. -Additional metadata needs can be included in the data that the checksum covers, -and the data itself can be stored in a public unauthenticated archive.  Log APIs -and data formats should also follow the principle of minimal common denominator. -We are still in the process of analyzing this further. +Additional metadata needs can be included in the data that the checksum +represents, and the data itself can be stored in a public unauthenticated +archive.  Log APIs and data formats should also follow the principle of minimal +common denominator.  We are still in the process of analyzing this further.  ### Spam and log poisoning  Trillian personalities usually have an _admission criteria_ that determines who | 
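Review bot: In the first hunk (README.md, `@@ -1,12 +1,11 @@`), the reworded _identifier_ bullet, "An _identifier_ that is tied to what the checksum represents.", no longer gives the reader any idea what an identifier looks like now that "e.g., name, version, and platform" is removed. The second hunk's context says the leaf must indicate what the checksum refers to so that monitors can analyze the entry, so consider keeping one short, clearly non-exhaustive example or pointing to where the identifier format is defined. The _signature_ bullet still says "covers", which is the right verb for a signature and can stay as is.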
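Review bot: In the second hunk (README.md, `@@ -87,10 +86,10 @@`), the context line "What opaque data does the checksum _refer to_" still uses a different verb from the "represents" wording introduced just below it, so the README now describes the same relation with both "refer to" and "represents"; consider aligning them, since the stated goal of the change is less ambiguity. The rewrapped sentence also keeps "Additional metadata needs can be included", which reads awkwardly; "Additional metadata can be included" would be clearer.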
