path: root/doc
Commit message (Author, Age, Files, Lines)

* documented the decided ssh signature format (Rasmus Dahlberg, 2022-01-31, 2 files, -66/+76)
  Refer to doc/proposals/2021-11-ssh-signature-format.md for details.

* documented decided get-tree-head endpoint proposal (Rasmus Dahlberg, 2022-01-31, 2 files, -44/+28)
  Refer to doc/proposals/2022-01-tree-head-endpoint and doc/proposals/2022-01-no-quick-tree-head-endpoint for details.

* documented the decided remove arbitrary bytes proposal (Rasmus Dahlberg, 2022-01-31, 2 files, -16/+32)
  Refer to doc/proposals/2021-11-remove-arbitrary-bytes.md for details. Since our proposal left the exact terminology undefined, this commit took a stab at that. The main idea was to keep referring to what we have in a leaf and what is being signed as a _checksum_. This ensures that we are not undermining or stepping away from our core of "signed checksums". It seemed quite natural to refer to a checksum's preimage.

* changed status from open to decided (Rasmus Dahlberg, 2022-01-31, 1 file, -1/+1)
  See decision in archive/2022-01-04--meeting-minutes.

* added note about naming in a decided proposal (Rasmus Dahlberg, 2022-01-31, 1 file, -0/+3)

* documented the decided add-leaf endpoint proposal (Rasmus Dahlberg, 2022-01-31, 2 files, -8/+10)
  Refer to doc/proposals/2022-01-add-leaf-endpoint for details.

* documented the decided domain hint proposal (Rasmus Dahlberg, 2022-01-31, 2 files, -3/+10)
  Refer to doc/proposals/2022-01-domain-hint for details.

* documented the decided get-* endpoint proposal (Rasmus Dahlberg, 2022-01-31, 2 files, -26/+29)
  Refer to archive/doc/proposals/2022-01-get-endpoints for details.

* moved some persisted pads to proposal directory (Rasmus Dahlberg, 2022-01-31, 6 files, -0/+372)
  See doc/proposals/2022-01-how-to-use-proposal-folder for details.

* persisted pads from meeting minutes (Rasmus Dahlberg, 2022-01-25, 2 files, -0/+63)

* re-opened remove-arbitrary-bytes proposal (Rasmus Dahlberg, 2021-12-22, 1 file, -1/+1)
  It did not become part of the SSH signing format proposal after all.

* fixed typo (Rasmus Dahlberg, 2021-12-05, 1 file, -3/+3)

* added proposal into main documentation (Rasmus Dahlberg, 2021-12-04, 3 files, -12/+16)
  Sigsum logs should now use open-ended shard intervals.

* added aborted status (Rasmus Dahlberg, 2021-12-04, 1 file, -9/+13)
  We get the remove arbitrary bytes proposal "for free" when switching to a signing format that is backwards-compatible with SSH signatures.

* added to-be-implemented status (Rasmus Dahlberg, 2021-12-04, 1 file, -7/+9)
  We decided to implement open-ended shard interval on 2021-11-23.

* update ssh signing format proposal (Linus Nordberg, 2021-11-30, 1 file, -39/+126)

* add text (Linus Nordberg, 2021-11-16, 1 file, -0/+140)
  Punting on all crypto agility for now. Let's make a separate proposal out of the contents of the section "Related questions".

* added remove arbitrary bytes proposal (Rasmus Dahlberg, 2021-11-15, 1 file, -0/+32)

* added open-ended shard interval proposal (Rasmus Dahlberg, 2021-11-15, 1 file, -0/+34)

* add placeholder for the ssh sig format idea (Linus Nordberg, 2021-11-15, 1 file, -0/+0)

* added project launch link (Rasmus Dahlberg, 2021-10-13, 1 file, -1/+1)

* reordered shard hint and domain hint in §4 (Rasmus Dahlberg, 2021-10-13, 1 file, -22/+22)
  After our refactor rate limits are no longer mentioned in §3. The domain hint subsection contains that text now, and should therefore be before the shard hint subsection that assumed it is already explained.

* fixed typo (Rasmus Dahlberg, 2021-10-13, 1 file, -1/+1)

* added history.md document (Rasmus Dahlberg, 2021-10-13, 1 file, -0/+38)

* defined what type of hex encoding is permitted (Rasmus Dahlberg, 2021-10-12, 1 file, -4/+4)

* cleaned-up more questions section (Rasmus Dahlberg, 2021-10-12, 1 file, -5/+1)
  These questions are to some extent answered as part of our refactor, or addressed as things we are still open to think more about. I think we can leave them out for now and add them later _with answers_ if needed. I kept the privacy concerns question because that is not addressed anywhere yet. We think that the answer is "mostly none".

* removed comments about partial enforcement (Rasmus Dahlberg, 2021-10-12, 1 file, -10/+0)
  To be re-added at a later time somewhere else. It is not helpful for a reader that is trying to understand the basic design for the first time. Spotted by ln5.

* renamed section 4.4 (Rasmus Dahlberg, 2021-10-12, 1 file, -1/+1)
  Discussed with ln5.

* minor wording (Linus Nordberg, 2021-10-12, 1 file, -6/+6)

* added additional witnessing thoughts in FAQ (Rasmus Dahlberg, 2021-10-10, 1 file, -4/+22)

* emphasized "attacker" instead of "log operator" (Rasmus Dahlberg, 2021-10-10, 1 file, -2/+2)

* explained property of usage pattern that relates to sharding (Rasmus Dahlberg, 2021-10-10, 1 file, -5/+13)

* fixed overflowing lines, no content changes (Rasmus Dahlberg, 2021-10-10, 2 files, -44/+55)

* added a few minor edits (Rasmus Dahlberg, 2021-10-10, 2 files, -16/+14)

* keep summary session at its current location (Rasmus Dahlberg, 2021-10-10, 1 file, -1/+0)
  I don't think it improves our design document by being moved. We already have a summary of properties in the introduction, and an easier primer at the start of Section 3 that is strongly coupled to Figure 1. Perhaps it is no longer necessary though. When we wrote this we did not have a summary of properties in the introduction, or a relatively detailed walk-through of the log's intended usage-pattern. I'm fine with both keeping as is or deleting if it feels redundant.

* reworked partial enforcement of verification criteria (Rasmus Dahlberg, 2021-10-10, 1 file, -9/+10)
  - Expanded into two separate examples
  - Moved it into the verification subsection

* refactored extended domain hint text into FAQ (Rasmus Dahlberg, 2021-10-10, 1 file, -21/+22)

* fixed small/medium issues and left some comments (Linus Nordberg, 2021-10-10, 1 file, -63/+67)
  - Deleted unnecessary roadmap
  - Clarified distribution and verification section
  - Proposed down-to-the-point text for domain hint description
  - Left comments that we should consider addressing
  - A bunch of minor edits
  For transparency this commit was squashed and rebased by rgdd.

* updated terminology that was lagging behind (Rasmus Dahlberg, 2021-10-10, 2 files, -22/+24)
  - s/verifier/monitor
  - s/claimant/signer
  - s/believer/verifier
  - s/opaque data/data
  - minor rewordings related to these substitutions
  - referenced a possible timestamp usage

* used the same examples on website and design.md (Rasmus Dahlberg, 2021-10-07, 1 file, -2/+1)

* emphasized that monitors look for unwanted key-usage (Rasmus Dahlberg, 2021-10-07, 2 files, -1/+1)

* removed unnecessary sentence in threat model (Rasmus Dahlberg, 2021-10-07, 2 files, -4/+3)

* fixed bad formulation (Rasmus Dahlberg, 2021-10-07, 1 file, -2/+2)

* added example of non-scope in our architecture (Rasmus Dahlberg, 2021-10-07, 1 file, -2/+4)

* refactored Figure 1 and primer text (Rasmus Dahlberg, 2021-10-07, 1 file, -37/+34)
  - Added anti-spam mechanism, completes figures without too much clutter
  - Minor rewordings that simplified description

* fixed s/transparent log/transparency log/g (Rasmus Dahlberg, 2021-10-07, 1 file, -8/+8)

* expressed goal without higher-level use-cases in mind (Rasmus Dahlberg, 2021-10-07, 1 file, -6/+2)

* refactored abstract to better describe sigsum logging (Rasmus Dahlberg, 2021-10-07, 1 file, -5/+8)

* rephrased "the right data" pitch (Rasmus Dahlberg, 2021-10-07, 2 files, -3/+3)
  There is a risk that "the right data" is confused with "what do you mean, obviously it is the right data if there is a valid signature". Tried to just reword.

* added a major refactor of design.md (Rasmus Dahlberg, 2021-10-05, 1 file, -268/+270)
  The claimant model was mostly pulled from this document. It is useful to define use-cases of sigsum in a succinct way, but not helpful to tell the reader about the concrete design that we have for a sigsum log. (We still have a separate document that uses the claimant model.) This refactor also tries to remove focus from use-cases that in general are messy, and instead focus on the simple sigsum logging design that has a very well-defined and thought-through usage-pattern. The result of this is that things should be a little bit more down-to-the-point.