From cd176c54bbac45690488e392afeaa57ac4b27818 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 7 Oct 2021 20:41:06 +0200 Subject: simplified website text More emphasis on what a sigsum log actually provides, and less emphasis on the details about how one can think about the cool use-cases that are possible on-top of a sigsum log. Just list relatable examples instead. Also fixed capitalization typos for Sigsum, "the project". --- README.md | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 187a8e0..fc54744 100644 --- a/README.md +++ b/README.md @@ -1,32 +1,31 @@ # The Sigsum Project -Sigsum is a free and open source project that brings transparency logging to -**sig**ned check**sum**s. Logging sigsums and not a more concrete type like -TLS certificates keeps the overall design simple and generally useful. +Sigsum is a free and open-source project that brings transparency logging to +**sig**ned check**sum**s. The overall design is kept general by not logging +a more concrete data structure like TLS certificates or Go modules. -- [x] Minimalistic design that simplifies log operations and usage +- [x] Discoverability of signed checksums for the data of your choice - [x] Centralised log operations but distributed trust assumptions -- [x] Discoverability of statements for the data of your choice - -A minimal statement encodes the following claim: the right data has a -certain cryptographic hash. You can add additional meaning to each -statement. For example, you may use a sigsum log to claim things like -(i) everyone gets the same executable binaries, -(ii) a domain does not serve malicious javascript, or -(iii) a list of key-value pairs is maintained with policy Y. - -Sigsum logging makes it reasonable to believe a claim by adding enough -discoverability to facilitate verification. - -Please refer to the -[design document](https://git.sigsum.org/sigsum/tree/doc/design.md), the -[API specification](https://git.sigsum.org/sigsum/tree/doc/api.md), and the -[log prototype](https://git.sigsum.org/sigsum-log-go/tree/README.md) +- [x] Minimalistic design that simplifies log operations and usage + +Sigsum logging can be used to make a signer's key-usage transparent. For +example, malicious and unintended key-usage can be detected. Transparent +key-usage also facilitates verification of falsifiable claims. + +Examples include: +- Everyone gets the same executable binaries +- A domain does not serve malicious javascript +- A list of key-value pairs is maintained with a certain policy + +Please refer to the sigsum logging +[design document](https://git.sigsum.org/sigsum/tree/doc/design.md), +[API specification](https://git.sigsum.org/sigsum/tree/doc/api.md), and +[public prototype](https://git.sigsum.org/sigsum-log-go/tree/README.md) to learn more. ## Services Sigsum is self-hosting all services required to function as a software project. -Each service is operated on a best-effort level that is good enough for sigsum to -rely upon. Please report any issues to the sigsum team via chat or email. +Each service is operated on a best-effort level that is good enough for Sigsum +to rely upon. Please report any issues to the Sigsum team via chat or email. ### Chat Chat with users and developers on IRC or Matrix. The rooms -- cgit v1.2.3