diff options
| author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-07 20:41:06 +0200 |
|---|---|---|
| committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-07 20:41:06 +0200 |
| commit | cd176c54bbac45690488e392afeaa57ac4b27818 (patch) | |
| tree | 1f26e12edf865d1496e723def58074169cbd7c0c /README.md | |
| parent | bb118ec24bea9de70ea0b3858e8f89badfe12023 (diff) | |
simplified website text
More emphasis on what a sigsum log actually provides, and less emphasis
on the details about how one can think about the cool use-cases that are
possible on-top of a sigsum log. Just list relatable examples instead.
Also fixed capitalization typos for Sigsum, "the project".
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 43 |
1 files changed, 21 insertions, 22 deletions
@@ -1,32 +1,31 @@ # The Sigsum Project -Sigsum is a free and open source project that brings transparency logging to -**sig**ned check**sum**s. Logging sigsums and not a more concrete type like -TLS certificates keeps the overall design simple and generally useful. +Sigsum is a free and open-source project that brings transparency logging to +**sig**ned check**sum**s. The overall design is kept general by not logging +a more concrete data structure like TLS certificates or Go modules. -- [x] Minimalistic design that simplifies log operations and usage +- [x] Discoverability of signed checksums for the data of your choice - [x] Centralised log operations but distributed trust assumptions -- [x] Discoverability of statements for the data of your choice - -A minimal statement encodes the following claim: the right data has a -certain cryptographic hash. You can add additional meaning to each -statement. For example, you may use a sigsum log to claim things like -(i) everyone gets the same executable binaries, -(ii) a domain does not serve malicious javascript, or -(iii) a list of key-value pairs is maintained with policy Y. - -Sigsum logging makes it reasonable to believe a claim by adding enough -discoverability to facilitate verification. - -Please refer to the -[design document](https://git.sigsum.org/sigsum/tree/doc/design.md), the -[API specification](https://git.sigsum.org/sigsum/tree/doc/api.md), and the -[log prototype](https://git.sigsum.org/sigsum-log-go/tree/README.md) +- [x] Minimalistic design that simplifies log operations and usage + +Sigsum logging can be used to make a signer's key-usage transparent. For +example, malicious and unintended key-usage can be detected. Transparent +key-usage also facilitates verification of falsifiable claims. + +Examples include: +- Everyone gets the same executable binaries +- A domain does not serve malicious javascript +- A list of key-value pairs is maintained with a certain policy + +Please refer to the sigsum logging +[design document](https://git.sigsum.org/sigsum/tree/doc/design.md), +[API specification](https://git.sigsum.org/sigsum/tree/doc/api.md), and +[public prototype](https://git.sigsum.org/sigsum-log-go/tree/README.md) to learn more. ## Services Sigsum is self-hosting all services required to function as a software project. -Each service is operated on a best-effort level that is good enough for sigsum to -rely upon. Please report any issues to the sigsum team via chat or email. +Each service is operated on a best-effort level that is good enough for Sigsum +to rely upon. Please report any issues to the Sigsum team via chat or email. ### Chat Chat with users and developers on IRC or Matrix. The rooms |