| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The claimant model was mostly pulled from this document. It is useful
to define use-cases of sigsum in a succinct way, but not helpful to tell
the reader about the concrete design that we have for a sigsum log.
(We still have a separate document that uses the claimant model.)
This refactor also tries to remove focus from use-cases that in general
are messy, and instead focus on the simple sigsum logging design that
has a very well-defined and thought-through usage-pattern. The result
of this is that things should be a little bit more down-to-the-point.
|
|
|
|
|
|
|
| |
- Named it FAQ
- Linked pad with design things that we still consider
- Cleaned notes about what we should be adding
- Removed empty concluding remarks section
|
|
|
|
|
|
| |
- Minor rephrasing and white-space changes to make raw text nicer.
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Removed TODO in text about Figure 2. It works without it for now.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Minor rephrasing and white-space changes to make raw text nicer.
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Removed paragraph about risk-averse attacker. It is not needed to
make our points right now. In a future revision, we should re-add this
and explain why it is interesting. It would also be a good idea to then
cite the two papers that z4lem mentioned a while back, see archive.
- Clarified that we need a threshold of witnesses that follow the
cosigning protocol for security. It is a start on addressing rohonk's
comment about which parties may (not) follow protocol and why.
- Emphasized that sigsum logging is only more course-grained than CT if
the data is actually lost. Hence, more course-grained _in isolation_.
- Added links to slow-down and split-view attacks.
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Minor rephrasing and white-space changes to make raw text nicer.
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Replaced TPM quote example. Not easy for everyone to relate to.
- Added a paragraph with examples of how our design goals are not
fulfilled by CT. This starts to address Rohon's comment about having
comparative study. Elaborate later on, and include more than just CT.
- Pointed out that our abstract setting is not 100% claimant model. For
example, the claimant model does not say much about role interaction.
- Fixed missing and broken links.
|
|
|
|
|
|
| |
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Promise less about use-case discussion. We are not there yet.
- Emphasize that we want feedback by having that on a separate line.
|
| |
|
| |
|
|
|
|
| |
Slightly more general claim -- "protocols" and "data formats".
|
| |
|
| |
|
|
|
|
| |
Yay!
|
|
|
|
| |
Two "X" in the same section, unrelated, can be more confusing than clarifying.
|
|
|
|
|
|
| |
- more than two perspectives
- avoid "deployment" to refer to "log operations"
- don't say "idiot"
|
|
|
|
| |
So let's wait with using it. The sentence stands fine without it.
|
|
|
|
|
|
|
|
| |
They're also not typically communicated in a repository of any kind.
BGP updates _could_ of course be logged for non-realtime historical
storage (archiving) but as an example this early in the text it's
mostly confusing.
|
|
|
|
|
|
|
|
|
| |
- Improved introduction so that it gives a better intuition of how we
think about sigsum logging and what our contribution actually is
- Clarified that monitoring is a 4th step (monkey-patched)
- Added checkpoint as part of our design description
- Emphasized witnessing at the start of 'how it works'
- A bunch of minor edits and clarifications
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|