| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
cf commit a242308c
|
|
|
|
|
|
| |
Needed for being able to verify signatures.
Also, remove struct statement since we won't expose it and have no use
for it.
|
|
|
|
| |
See details in proposals/2022-01-log-url.
|
|
|
|
| |
See details in proposals/2022-02-end-user-terminology.md.
|
|
|
|
| |
The majority of this commit is from ln5, thank you.
|
| |
|
|
|
|
| |
Refer to doc/proposals/2021-11-ssh-signature-format.md for details.
|
|
|
|
|
|
|
|
|
| |
Refer to
doc/proposals/2022-01-tree-head-endpoint
doc/proposals/2022-01-no-quick-tree-head-endpoint
for details.
|
|
|
|
|
|
|
|
|
|
| |
Refer to doc/proposals/2021-11-remove-arbitrary-bytes.md for details.
Since our proposal left the exact terminology undefined, this commit
took a stab at that. The main idea was to keep referring to what we
have in a leaf and what is being signed as a _checksum_. This ensures
that we are not undermining or stepping away from our core of "signed
checksums". It seemed quite natural to refer to a checksum's preimage.
|
|
|
|
| |
Refer to doc/proposals/2022-01-add-leaf-endpoint for details.
|
|
|
|
| |
Refer to doc/proposals/2022-01-domain-hint for details.
|
|
|
|
| |
Refer to archive/doc/proposals/2022-01-get-endpoints for details.
|
|
|
|
| |
Sigsum logs should now use open-ended shard intervals.
|
| |
|
|
|
|
|
|
|
|
|
| |
- s/verifier/monitor
- s/claimant/signer
- s/believer/verifier
- s/opaque data/data
- minor rewordings related to these substitutions
- referenced a possible timestamp usage
|
|
|
|
| |
A claimant may add additional implicit claims via policy.
|
|
|
|
|
|
| |
- Better readability with full code blocks
- Replaced localhost with <base url>
- Generated new add-leaf example that should be valid
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A believer can be convinced that a sigsum was logged after time T. This
is because witnesses do Verifier(append-only) and Verifier(Freshness).
Outline: a claimant is about to log a sigsum.
1. Fetch the most recent cosigned tree head.
- Timestamp is T
- Tree size is N
2. Submit sigsum for logging.
3. Wait for inclusion at index N+k, k=>0.
4. Wait for next cosigned tree head.
- Timestamp is T', where T' > T
- Tree size is N', where N' > N+k
5. Download inclusion proof for tree size N'.
Now you can convince a believer that a sigsum is publicly logged. Just
reveal inclusion proof which leads up to the second cosigned tree head.
Next, you can reveal the first cosigned tree head that _have not merged
that entry yet_. This follows from the first cosigned tree head size,
and makes it obvious that the entry must have been merge after time T.
|
|
|
|
|
|
|
|
| |
- Kept current formats and parsers
- Added key_hash in tree_head to protect against an attack
- Removed mentions of old terminology, e.g., submitter and end-user.
- Referenced some of our persisted discuss pads for additional context.
- Minor edits
|
| |
|
|
|