don't require Trunnel

author: Linus Nordberg <linus@nordberg.se> 2021-09-07 17:08:24 +0200
committer: Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2021-10-02 00:54:13 +0200
commit: e02151344132f6df09db8a9abb886c763e068ce1 (patch)
tree: 9d2a004143dc9e18bbe1627da276208a67eff57d /doc/design.md
parent: f75998d4b7828b653e6c3127dd1f5f31ee5914a2 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/doc/design.md b/doc/design.md
index d1ada44..5d23df8 100644
--- a/doc/design.md
+++ b/doc/design.md
@@ -119,12 +119,13 @@ The only supported hash function is SHA256.  Not having any cryptographic
 agility makes protocols and data formats simpler and more secure.
 - **Simple (de)serialization parsers:** complex (de)serialization parsers
 increase attack surfaces and make the system more difficult to use in
-constrained environments.  A claimant's sigsum statements are serialized using
-[Trunnel](https://gitlab.torproject.org/tpo/core/trunnel/-/blob/main/doc/trunnel.md).
-A sigsum log's statements are serialized using line-terminated ASCII
+constrained environments.  A claimant's sigsum statements can be (de)serialized using
+[Trunnel](https://gitlab.torproject.org/tpo/core/trunnel/-/blob/main/doc/trunnel.md),
+or "by hand" in many modern programming languages.
+A sigsum log's statements are serialized as line-terminated ASCII
 [\[Checkpoint\]]().
 A sigsum log's HTTP(S) API uses line-terminated ASCII [\[SigsumAPI\]]().
-The required parsing is easy to implement yourself.
+The required parsing is easy to implement without too much trouble or dependencies.
 
 ### 1.4 - Roadmap
 First we describe our threat model.  Then we give a bird's view of the design.
author	Linus Nordberg <linus@nordberg.se>	2021-09-07 17:08:24 +0200
committer	Rasmus Dahlberg <rasmus.dahlberg@kau.se>	2021-10-02 00:54:13 +0200
commit	e02151344132f6df09db8a9abb886c763e068ce1 (patch)
tree	9d2a004143dc9e18bbe1627da276208a67eff57d /doc/design.md
parent	f75998d4b7828b653e6c3127dd1f5f31ee5914a2 (diff)