author Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2021-10-07 18:39:59 +0200
committer Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2021-10-07 18:39:59 +0200
commit 72a7c79e55120b05aef7a8b356ee273984c7f1ce
tree ab3f19d863e370e3632f29ce2df9cd1490328282 /doc/design.md
parent 238a4b1ac9ae2a91cef28e6d2df9ebd2fbb0e882
removed unnecessary sentence in threat model
Diffstat (limited to 'doc/design.md')
-rw-r--r-- doc/design.md 7
1 files changed, 3 insertions, 4 deletions
diff --git a/doc/design.md b/doc/design.md
index b177f85..57bc919 100644
--- a/doc/design.md
+++ b/doc/design.md
@@ -130,10 +130,9 @@ Transparency Log
[\[DigiCert\]](https://groups.google.com/a/chromium.org/g/ct-policy/c/aKNbZuJzwfM).
The overall system is said to be secure if a monitor can discover every signed
-checksum that a verifier would accept, or alternatively, if log misbehavior can
-be detected. A log can misbehave by not presenting the same append-only Merkle
-tree to everyone. A log operator would only do that if it is likely to go
-unnoticed.
+checksum that a verifier would accept. A log can misbehave by not presenting
+the same append-only Merkle tree to everyone because it is attacker-controlled.
+However, a log operator would only do that if it is likely to go unnoticed.
For security we need a collision resistant hash function and an unforgeable
signature scheme. We also assume that at most a threshold of independent
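Review bot: In the added line "the same append-only Merkle tree to everyone because it is attacker-controlled", the trailing "because" clause is ambiguous: "it" can be read as the tree rather than the log, and the clause can be read as the reason for not presenting the tree rather than as a condition on the log. Moving the qualifier to the subject would remove the ambiguity, for example "An attacker-controlled log can misbehave by not presenting the same append-only Merkle tree to everyone." The next added sentence then switches to "a log operator", so it would help to say whether the operator is the attacker here. Separately, with "or alternatively, if log misbehavior can be detected" removed, the security definition no longer mentions detection, yet the text still ends on misbehavior being "likely to go unnoticed"; a short clause tying inconsistent trees back to the monitor's ability to discover every signed checksum would keep the paragraph connected.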