| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Promise less about use-case discussion. We are not there yet.
- Emphasize that we want feedback by having that on a separate line.
|
| |
|
| |
|
|
|
|
| |
Slightly more general claim -- "protocols" and "data formats".
|
| |
|
| |
|
|
|
|
| |
Yay!
|
|
|
|
| |
Two "X" in the same section, unrelated, can be more confusing than clarifying.
|
|
|
|
|
|
| |
- more than two perspectives
- avoid "deployment" to refer to "log operations"
- don't say "idiot"
|
|
|
|
| |
So let's wait with using it. The sentence stands fine without it.
|
|
|
|
|
|
|
|
| |
They're also not typically communicated in a repository of any kind.
BGP updates _could_ of course be logged for non-realtime historical
storage (archiving) but as an example this early in the text it's
mostly confusing.
|
|
|
|
|
|
|
|
|
| |
- Improved introduction so that it gives a better intuition of how we
think about sigsum logging and what our contribution actually is
- Clarified that monitoring is a 4th step (monkey-patched)
- Added checkpoint as part of our design description
- Emphasized witnessing at the start of 'how it works'
- A bunch of minor edits and clarifications
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
A claimant may add additional implicit claims via policy.
|
|
|
|
|
|
| |
- Better readability with full code blocks
- Replaced localhost with <base url>
- Generated new add-leaf example that should be valid
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A believer can be convinced that a sigsum was logged after time T. This
is because witnesses do Verifier(append-only) and Verifier(Freshness).
Outline: a claimant is about to log a sigsum.
1. Fetch the most recent cosigned tree head.
- Timestamp is T
- Tree size is N
2. Submit sigsum for logging.
3. Wait for inclusion at index N+k, k=>0.
4. Wait for next cosigned tree head.
- Timestamp is T', where T' > T
- Tree size is N', where N' > N+k
5. Download inclusion proof for tree size N'.
Now you can convince a believer that a sigsum is publicly logged. Just
reveal inclusion proof which leads up to the second cosigned tree head.
Next, you can reveal the first cosigned tree head that _have not merged
that entry yet_. This follows from the first cosigned tree head size,
and makes it obvious that the entry must have been merge after time T.
|
|
|
|
|
|
|
|
| |
- Kept current formats and parsers
- Added key_hash in tree_head to protect against an attack
- Removed mentions of old terminology, e.g., submitter and end-user.
- Referenced some of our persisted discuss pads for additional context.
- Minor edits
|
| |
|
| |
|
|
|