author Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2021-10-07 14:34:12 +0200
committer Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2021-10-07 14:38:20 +0200
commit acc5c838aa05ccfcd7bc7fd96a1342e803ebd88a
tree 6f9edaeed7b4aca07a75bc74b11a02370614c10e /doc/design.md
parent 5fc8464265c5ded36521504bf319753fac0d473d
rephrased "the right data" pitch
There is a risk that "the right data" is confused with "what do you mean, obviously it is the right data if there is a valid signature". Tried to just reword.
Diffstat (limited to 'doc/design.md')
-rw-r--r-- doc/design.md 4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/design.md b/doc/design.md
index 4746e55..fca64ea 100644
--- a/doc/design.md
+++ b/doc/design.md
@@ -31,10 +31,10 @@ The signing party is called a _signer_.
The user of the signed data is called a _verifier_.
The problem with _just digital signing_ is that it is difficult to determine
-whether the signed data is actually _the right data_.
+whether the signed data is _actually the data that should have been signed_.
How would we detect if a secret signing key got compromised?
How would we detect if something was signed by mistake, or even worse,
-if the signing party was forced to sign the wrong data against their will?
+if the signing party was forced to sign malicious data against their will?
Sigsum logs make it possible to answers these types of questions. The basic
idea is to make a signer's _key-usage_ transparent. This is a powerful building
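Review bot: In the second changed line, replacing "the wrong data" with "malicious data" narrows the coercion question more than the commit message's goal requires. A signer can be forced to sign data that is merely unintended (an old or unapproved release, say) rather than malicious, and the first changed line already introduces the broader wording, so something like "forced to sign data that should not have been signed" would stay consistent with it. While this paragraph is being touched, the unchanged context line directly below still reads "make it possible to answers these types of questions"; that should be "to answer" and could be fixed in the same commit.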