| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Sigsum logs should now use open-ended shard intervals.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- s/verifier/monitor
- s/claimant/signer
- s/believer/verifier
- s/opaque data/data
- minor rewordings related to these substitutions
- referenced a possible timestamp usage
|
| |
|
|
| |
A claimant may add additional implicit claims via policy.
|
| |
|
|
|
|
| |
- Better readability with full code blocks
- Replaced localhost with <base url>
- Generated new add-leaf example that should be valid
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A believer can be convinced that a sigsum was logged after time T. This
is because witnesses do Verifier(append-only) and Verifier(Freshness).
Outline: a claimant is about to log a sigsum.
1. Fetch the most recent cosigned tree head.
- Timestamp is T
- Tree size is N
2. Submit sigsum for logging.
3. Wait for inclusion at index N+k, k=>0.
4. Wait for next cosigned tree head.
- Timestamp is T', where T' > T
- Tree size is N', where N' > N+k
5. Download inclusion proof for tree size N'.
Now you can convince a believer that a sigsum is publicly logged. Just
reveal inclusion proof which leads up to the second cosigned tree head.
Next, you can reveal the first cosigned tree head that _have not merged
that entry yet_. This follows from the first cosigned tree head size,
and makes it obvious that the entry must have been merge after time T.
|
| |
|
|
|
|
|
|
| |
- Kept current formats and parsers
- Added key_hash in tree_head to protect against an attack
- Removed mentions of old terminology, e.g., submitter and end-user.
- Referenced some of our persisted discuss pads for additional context.
- Minor edits
|
| | |
|
| |
|
