From 2f7f214e9df9c7e48d114ee233fb91b76d7e4294 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Sat, 2 Oct 2021 00:04:03 +0200 Subject: updated abstract - Avoid using sigsum as "signed checksum" in text. Not helpful. - Promise less about use-case discussion. We are not there yet. - Emphasize that we want feedback by having that on a separate line. --- doc/design.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/design.md b/doc/design.md index 87e95ca..7ef8a4e 100644 --- a/doc/design.md +++ b/doc/design.md @@ -1,10 +1,9 @@ # Sigsum Logging Design v0 We propose sigsum logging. It is similar to Certificate Transparency, except -that cryptographically **sig**ned check**sum**s are logged instead of X.509 -certificates. Publicly logging sigsum statements allow anyone to discover which +that cryptographically **sig**ned check**sum**s are logged instead of TLS +certificates. Publicly logging signed checksums allow anyone to discover which keys produced what checksum signatures. For example, malicious and unintended -key-usage can be _detected_. We present our design and discuss a few use-cases -like binary transparency and reproducible builds. +key-usage can be _detected_. This document motivates and presents our design. **Preliminaries.** You have basic understanding of cryptographic primitives, e.g., digital @@ -13,8 +12,9 @@ Certificate Transparency solves and how. **Warning.** This is a work-in-progress document that may be moved or modified. A future -revision of this document will bump the version number to v1. Please let us -know if you have any feedback. +revision of this document will bump the version number to v1. + +Please let us know if you have any feedback. ## 1 - Introduction Transparent logs make it possible to detect unwanted events. For example, -- cgit v1.2.3