| Commit message (Collapse) | Author | Age | Files | Lines |
| |
- Minor rephrasing and white-space changes to make raw text nicer.
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Replaced TPM quote example. Not easy for everyone to relate to.
- Added a paragraph with examples of how our design goals are not
fulfilled by CT. This starts to address Rohon's comment about having a
comparative study. Elaborate later on, and include more than just CT.
- Pointed out that our abstract setting is not 100% claimant model. For
example, the claimant model does not say much about role interaction.
- Fixed missing and broken links.
| |
- Avoid using sigsum as "signed checksum" in text. Not helpful.
- Promise less about use-case discussion. We are not there yet.
- Emphasize that we want feedback by having that on a separate line.
| |
Slightly more general claim -- "protocols" and "data formats".
| |
Yay!
| |
Two "X" in the same section, unrelated, can be more confusing than clarifying.
| |
- more than two perspectives
- avoid "deployment" to refer to "log operations"
- don't say "idiot"
| |
So let's wait with using it. The sentence stands fine without it.
| |
They're also not typically communicated in a repository of any kind.
BGP updates _could_ of course be logged for non-realtime historical
storage (archiving) but as an example this early in the text it's
mostly confusing.
| |
- Improved introduction so that it gives a better intuition of how we
think about sigsum logging and what our contribution actually is
- Clarified that monitoring is a 4th step (monkey-patched)
- Added checkpoint as part of our design description
- Emphasized witnessing at the start of 'how it works'
- A bunch of minor edits and clarifications
| |
A claimant may add additional implicit claims via policy.
| |
- Better readability with full code blocks
- Replaced localhost with <base url>
- Generated new add-leaf example that should be valid
| |
A believer can be convinced that a sigsum was logged after time T. This
is because witnesses do Verifier(append-only) and Verifier(Freshness).
Outline: a claimant is about to log a sigsum.
1. Fetch the most recent cosigned tree head.
- Timestamp is T
- Tree size is N
2. Submit sigsum for logging.
3. Wait for inclusion at index N+k, k=>0.
4. Wait for next cosigned tree head.
- Timestamp is T', where T' > T
- Tree size is N', where N' > N+k
5. Download inclusion proof for tree size N'.
Now you can convince a believer that a sigsum is publicly logged. Just
reveal inclusion proof which leads up to the second cosigned tree head.
Next, you can reveal the first cosigned tree head that _has not merged
that entry yet_. This follows from the first cosigned tree head size,
and makes it obvious that the entry must have been merged after time T.
| |
- Kept current formats and parsers
- Added key_hash in tree_head to protect against an attack
- Removed mentions of old terminology, e.g., submitter and end-user.
- Referenced some of our persisted discuss pads for additional context.
- Minor edits