Dear all,

I've started looking into building a more complete and stable Sigsum verifier to run in the browser extension I'm prototyping. The model I sent previously changed a bit: we are removing Sigstore, to allow website administrators to specify their own ed25519 signing keys and bring their own logs. The "bring your own log" model has been suggested in the WAICT proposal[1], and I think it improved decentralization for the better.
I think the WAICT proposal refers to a type of log, or in general to log software, that does not exist yet, and I think Sigsum fits the job well. I would thus like website administrators to specify a Sigsum policy, but since that will be shipped in the HTTP headers, I'd need something more serialization-friendly, such as JSON.
While looking into the policy format, I was wondering why the quorum is global and not per log?
In a JSON-like format, I was imagining something like this, also to reduce key/text duplication to a minimum:
{
  "witnesses": {
    "X1": "base64-key-X1",
    "X2": "base64-key-X2",
    "X3": "base64-key-X3",
    "Y1": "base64-key-Y1",
    "Y2": "base64-key-Y2",
    "Y3": "base64-key-Y3",
    "Z1": "base64-key-Z1"
  },
  "groups": {
    "X-witnesses": { "2": ["X1", "X2", "X3"] },
    "Y-witnesses": { "any": ["Y1", "Y2", "Y3"] },
    "Z-witnesses": { "all": ["Z1"] },
    "XY-majority": { "all": ["X-witnesses", "Y-witnesses"] },
    "Trusted-Bloc": { "any": ["XY-majority", "Z-witnesses"] }
  },
  "logs": [
    {
      "base_url": "https://log-a.example.org",
      "public_key": "base64-logkey-A",
      "quorum": "X-witnesses"
    },
    {
      "base_url": "https://log-b.example.org",
      "public_key": "base64-logkey-B",
      "quorum": "Trusted-Bloc"
    }
  ]
}
It's just exploratory, but I'm a bit confused by the multi-log model. For instance, would you expect the signers to send to two logs and then provide back two proof bundles, or would you expect a log, with a policy with multiple logs, to propagate to the second log?
In this format, I'd support per-log quorum, and probably thus expect multiple proofs.
Cheers,
Giulio
[1] https://github.com/rozbb/draft-waict-transparency/blob/main/draft-waict-tran...
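
A per-log quorum evaluator for the JSON policy sketched in the message above, as an added example that is not part of the original post or of Sigsum's own code. It assumes "any" means one member, "all" means every member, a numeric key means at least that many, and that cosignatures were already verified elsewhere; the function names `quorumMet` and `logQuorumMet` are hypothetical.

```javascript
// Constructed sample policy in the JSON shape proposed above (keys are placeholders).
const policy = {
  witnesses: { X1: "base64-key-X1", X2: "base64-key-X2", X3: "base64-key-X3",
               Y1: "base64-key-Y1", Y2: "base64-key-Y2", Y3: "base64-key-Y3",
               Z1: "base64-key-Z1" },
  groups: {
    "X-witnesses": { "2": ["X1", "X2", "X3"] },
    "Y-witnesses": { any: ["Y1", "Y2", "Y3"] },
    "Z-witnesses": { all: ["Z1"] },
    "XY-majority": { all: ["X-witnesses", "Y-witnesses"] },
    "Trusted-Bloc": { any: ["XY-majority", "Z-witnesses"] },
  },
  logs: [
    { base_url: "https://log-a.example.org", public_key: "base64-logkey-A", quorum: "X-witnesses" },
    { base_url: "https://log-b.example.org", public_key: "base64-logkey-B", quorum: "Trusted-Bloc" },
  ],
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Assumed semantics: "any" = 1 member, "all" = every member, "k" = at least k members.
// `verified` holds witness names whose cosignatures already passed signature
// verification for this log's tree head (that step is outside this example).
function quorumMet(policy, name, verified, visiting = new Set()) {
  if (has(policy.witnesses, name)) return verified.has(name);
  if (!has(policy.groups, name)) throw new Error(`unknown name: ${name}`);
  if (visiting.has(name)) throw new Error(`cyclic group: ${name}`);
  const entries = Object.entries(policy.groups[name]);
  if (entries.length !== 1) throw new Error(`group ${name} needs exactly one rule`);
  const [rule, members] = entries[0];
  if (!Array.isArray(members) || members.length === 0) throw new Error(`empty group: ${name}`);
  const k = rule === "any" ? 1 : rule === "all" ? members.length : Number(rule);
  if (!Number.isInteger(k) || k < 1 || k > members.length)
    throw new Error(`bad threshold in ${name}: ${rule}`);
  visiting.add(name);
  const hits = members.filter((m) => quorumMet(policy, m, verified, visiting)).length;
  visiting.delete(name);
  return hits >= k;
}

// Per-log check: find the log by public key, then evaluate that log's own quorum.
function logQuorumMet(policy, logKey, verifiedWitnesses) {
  const log = policy.logs.find((l) => l.public_key === logKey);
  if (!log) throw new Error("log not in policy");
  return quorumMet(policy, log.quorum, new Set(verifiedWitnesses));
}
```

Rejecting unknown names, cyclic groups and out-of-range thresholds before counting matters here because the policy arrives in HTTP headers and a malformed one should fail closed rather than evaluate to an accidental pass.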