From e02151344132f6df09db8a9abb886c763e068ce1 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Tue, 7 Sep 2021 17:08:24 +0200 Subject: don't require Trunnel --- doc/design.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/design.md b/doc/design.md index d1ada44..5d23df8 100644 --- a/doc/design.md +++ b/doc/design.md @@ -119,12 +119,13 @@ The only supported hash function is SHA256. Not having any cryptographic agility makes protocols and data formats simpler and more secure. - **Simple (de)serialization parsers:** complex (de)serialization parsers increase attack surfaces and make the system more difficult to use in -constrained environments. A claimant's sigsum statements are serialized using -[Trunnel](https://gitlab.torproject.org/tpo/core/trunnel/-/blob/main/doc/trunnel.md). -A sigsum log's statements are serialized using line-terminated ASCII +constrained environments. A claimant's sigsum statements can be (de)serialized using +[Trunnel](https://gitlab.torproject.org/tpo/core/trunnel/-/blob/main/doc/trunnel.md), +or "by hand" in many modern programming languages. +A sigsum log's statements are serialized as line-terminated ASCII [\[Checkpoint\]](). A sigsum log's HTTP(S) API uses line-terminated ASCII [\[SigsumAPI\]](). -The required parsing is easy to implement yourself. +The required parsing is easy to implement without too much trouble or dependencies. ### 1.4 - Roadmap First we describe our threat model. Then we give a bird's view of the design. -- cgit v1.2.3