The Sigsum Project
Sigsum is a free and open source software project that brings transparency logging to signed checksums. The overall design is kept general by not logging a more concrete data structure like TLS certificates.
- [x] Discoverability of signed checksums for the data of your choice
- [x] Centralised log operations but distributed trust assumptions
- [x] Minimalistic design that simplifies log operations and usage
Sigsum logging can be used to make a signer's key-usage transparent. For example, malicious and unintended key-usage can be detected. Transparent key-usage also facilitates verification of falsifiable claims.
Examples include:
- Everyone gets the same executable binaries
- A domain does not serve malicious JavaScript
- A list of key-value pairs is maintained with a certain policy
Please refer to the sigsum logging design document, API specification, and public prototype to learn more. There is also an archive of meeting minutes and discuss pads. All project repositories are located at git.sigsum.org.
Contact
Chat
Chat with users and developers on IRC or Matrix. The rooms are bridged so it does not matter which one you choose.
- IRC: #sigsum @ OFTC.net
- Matrix: #sigsum:matrix.org
There are open video/voice meetings on Tuesdays at 1200 UTC, in the 'sigsum' Jitsi room.
- Jitsi: meet.sigsum.org/sigsum
Subscribe to the Sigsum-general mailing list by sending an email with 'subscribe' in the subject to
sigsum-general-join@lists.sigsum.org
or use the form at the list info page.
After being subscribed, you can provide feedback, report issues, and submit patches by sending an email to the list, at
sigsum-general@lists.sigsum.org
Sponsors
- Mullvad VPN, financial sponsor
- DFRI, mailing list sponsor