aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-10-12 17:43:03 +0200
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-10-12 17:43:03 +0200
commit8c10d09289289ddbc349503dac4b0493bf73b2b3 (patch)
tree4d64c2f28b9dc77fbbafc2d80bd79babcc9ef31a
parent34746cefa42bb7d4fd1b3d8bace285bd393db7d5 (diff)
removed comments about partial enforcement
To be re-added at a later time somewhere else. It is not helpful for a reader that is trying to understand the basic design for the first time. Spotted by ln5.
-rw-r--r--doc/design.md10
1 files changed, 0 insertions, 10 deletions
diff --git a/doc/design.md b/doc/design.md
index 821ba88..e1f3b5e 100644
--- a/doc/design.md
+++ b/doc/design.md
@@ -294,16 +294,6 @@ logs have trustworthy tree heads thanks to using a variant of witness cosigning.
A verifier cannot be tricked into accepting data whose checksum have not been
publicly logged unless the attacker controls more than a threshold of witnesses.
-In a less ideal world sigsum logging can facilitate detection of attacks if a
-verifier _fails open_ by enforcing the second and third criteria partially. For
-example, some verifier may not enforce these criteria at all, and so would
-accept data from a malicious data mirror without proofs of public logging.
-Someone in a similar area may be able to detect this and report the attack.
-
-Another example of partial enforcement would be if a verifier required logging
-in a known log without witnessing. Attacks against the signer's signing and
-release infrastructure would be detected if the log is not compromised.
-
#### 3.2.6 - Monitoring
An often overlooked step is that transparency logging falls short if no-one
keeps track of what appears in the public logs. Monitoring is necessarily