|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | |  | 
| | |  | 
| | 
| 
| 
| | Yay! | 
| | 
| 
| 
| | Two "X" in the same section, unrelated, can be more confusing than clarifying. | 
| | 
| 
| 
| 
| 
| | - more than two perspectives
- avoid "deployment" to refer to "log operations"
- don't say "idiot" | 
| | 
| 
| 
| | So let's wait with using it. The sentence stands fine without it. | 
| | 
| 
| 
| 
| 
| 
| 
| | They're also not typically communicated in a repository of any kind.
BGP updates _could_ of course be logged for non-realtime historical
storage (archiving) but as an example this early in the text it's
mostly confusing. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | - Improved introduction so that it gives a better intuition of how we
think about sigsum logging and what our contribution actually is
- Clarified that monitoring is a 4th step (monkey-patched)
- Added checkpoint as part of our design description
- Emphasized witnessing at the start of 'how it works'
- A bunch of minor edits and clarifications | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| | A claimant may add additional implicit claims via policy. | 
| | 
| 
| 
| 
| 
| | - Better readability with full code blocks
- Replaced localhost with <base url>
- Generated new add-leaf example that should be valid | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | A believer can be convinced that a sigsum was logged after time T.  This
is because witnesses do Verifier(append-only) and Verifier(Freshness).
Outline: a claimant is about to log a sigsum.
1. Fetch the most recent cosigned tree head.
    - Timestamp is T
    - Tree size is N
2. Submit sigsum for logging.
3. Wait for inclusion at index N+k, k=>0.
4. Wait for next cosigned tree head.
    - Timestamp is T', where T' > T
    - Tree size is N', where N' > N+k
5. Download inclusion proof for tree size N'.
Now you can convince a believer that a sigsum is publicly logged.  Just
reveal inclusion proof which leads up to the second cosigned tree head.
Next, you can reveal the first cosigned tree head that _have not merged
that entry yet_.  This follows from the first cosigned tree head size,
and makes it obvious that the entry must have been merge after time T. | 
| | 
| 
| 
| 
| 
| 
| 
| | - Kept current formats and parsers
- Added key_hash in tree_head to protect against an attack
- Removed mentions of old terminology, e.g., submitter and end-user.
- Referenced some of our persisted discuss pads for additional context.
- Minor edits | 
| | |  | 
| | |  | 
|  |  |