Sigsum logging brings transparency to signed checksums. This makes it possible
to detect malicious and unintended key usage. In other words, no signature
accepted by an end-user goes unnoticed.
> A new signature made with my key was just logged.
> Was that signature expected?
Specific use-cases can be implemented on top of the minimal building block that
Sigsum provides. Examples include transparency for executable binaries, TPM
quotes, and onion address rulesets.
> Everyone gets the same binaries.
> Signed binary checksums become public in Sigsum logs.
> Each binary is locatable on a separate release page.
> An independent monitor can verify these claims.
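The monitor role described above, as an added example that is not Sigsum's own
code: a watcher holds the release key's public half and the set of checksums
published on the release page, walks a batch of logged entries, and flags every
entry that carries a valid signature from the watched key but whose checksum is
not on the release page. The leaf layout (checksum plus signature), the fixed
key seeds and the artifact bytes are all constructed for this example; real
Sigsum leaves also carry a key hash and are fetched from a cosigned log rather
than built locally.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Leaf is a simplified stand-in for a logged entry (assumption: real Sigsum
// leaves also include a key hash): the checksum of an artifact and the
// signer's signature over that checksum.
type Leaf struct {
	Checksum  [32]byte
	Signature []byte
}

// SignChecksum hashes the artifact and signs the hash, which is what a signer
// submits to the log.
func SignChecksum(priv ed25519.PrivateKey, artifact []byte) Leaf {
	sum := sha256.Sum256(artifact)
	return Leaf{Checksum: sum, Signature: ed25519.Sign(priv, sum[:])}
}

// Monitor watches one public key and knows which checksums that key's holder
// has published (for example on a release page).
type Monitor struct {
	Pub      ed25519.PublicKey
	Expected map[[32]byte]bool
}

// Report counts how each logged entry was classified.
type Report struct {
	Expected   int // valid signature by the watched key, checksum published
	Unexpected int // valid signature by the watched key, checksum NOT published
	Ignored    int // not signed by the watched key (another signer's entry)
}

// Check answers "was that signature expected?" for every leaf in the batch.
// An Unexpected count above zero is the signal that the key was used for
// something the key holder never announced.
func (m Monitor) Check(leaves []Leaf) Report {
	var r Report
	for _, l := range leaves {
		if !ed25519.Verify(m.Pub, l.Checksum[:], l.Signature) {
			r.Ignored++
			continue
		}
		if m.Expected[l.Checksum] {
			r.Expected++
		} else {
			r.Unexpected++
		}
	}
	return r
}

// Demo builds a constructed batch: two announced releases, one build signed
// with the release key but never announced, and one entry from another signer.
func Demo() Report {
	// Fixed seeds so the run is reproducible; these are not real keys.
	releaseKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	otherKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))

	v1 := []byte("constructed release binary v1.0")
	v2 := []byte("constructed release binary v1.1")
	rogue := []byte("constructed build that never appeared on the release page")

	leaves := []Leaf{
		SignChecksum(releaseKey, v1),
		SignChecksum(releaseKey, v2),
		SignChecksum(releaseKey, rogue), // the entry a monitor should flag
		SignChecksum(otherKey, []byte("constructed artifact from another signer")),
	}

	m := Monitor{
		Pub: releaseKey.Public().(ed25519.PublicKey),
		Expected: map[[32]byte]bool{
			sha256.Sum256(v1): true,
			sha256.Sum256(v2): true,
		},
	}
	return m.Check(leaves)
}

func main() {
	r := Demo()
	fmt.Printf("expected=%d unexpected=%d ignored=%d\n", r.Expected, r.Unexpected, r.Ignored)
	if r.Unexpected > 0 {
		fmt.Println("ALERT: the watched key signed a checksum that was never announced")
	}
}
```

The monitor does not need the signer's cooperation or secret key: it only needs
the public key, the published checksums, and read access to the log. Because the
log is append-only and cosigned by witnesses, an entry the signer would rather
hide is exactly what ends up in the batch the monitor walks.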
Sigsum is designed to be secure against a powerful attacker that controls:
- The signer's secret key and infrastructure
- The log's secret key and infrastructure
- A threshold of so-called witnesses that cosign the log
Any use-case that cannot tolerate a few minutes of logging latency is out of
scope. This and other aspects keep the Sigsum design simple, both with regard
to operations and to end-user verification.