author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-02 00:04:16 +0200 |
---|---|---|
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-02 00:54:13 +0200 |
commit | 16041237842bc729782acb828abd795b6f5935d4 (patch) | |
tree | 3852a25b11b53fd23a411b13a82d3c8b81492ce1 /doc/.design.md.swp | |
parent | c466d2360c5ab4e042f6c778468b9073017f4bd6 (diff) |
updated threat model
- Minor rephrasing and white-space changes to make raw text nicer.
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Removed paragraph about risk-averse attacker. It is not needed to
make our points right now. In a future revision, we should re-add this
and explain why it is interesting. It would also be a good idea to then
cite the two papers that z4lem mentioned a while back, see archive.
- Clarified that we need a threshold of witnesses that follow the
cosigning protocol for security. It is a start on addressing rohonk's
comment about which parties may (not) follow protocol and why.
- Emphasized that sigsum logging is only more coarse-grained than CT if
the data is actually lost. Hence, more coarse-grained _in isolation_.
- Added links to slow-down and split-view attacks.
Diffstat (limited to 'doc/.design.md.swp')
0 files changed, 0 insertions, 0 deletions