blob: 8d9f93a666869b58f1b0e7a266f50812345328c0 (plain)

ofs	hex dump	ascii
0000	62 30 56 49 4d 20 38 2e 31 00 00 00 00 10 00 00 da 22 5f 61 7f 39 02 01 bc 40 00 00 72 67 64 64	b0VIM.8.1........"_a.9...@..rgdd
0020	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0040	00 00 00 00 69 7a 7a 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	....izzy........................
0060	00 00 00 00 00 00 00 00 00 00 00 00 7e 72 67 64 64 2f 67 69 74 2f 73 69 67 73 75 6d 2f 73 69 67	............~rgdd/git/sigsum/sig
0080	73 75 6d 2f 64 6f 63 2f 64 65 73 69 67 6e 2e 6d 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	sum/doc/design.md...............
00a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
00c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
00e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0100	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0120	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0140	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0160	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0180	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
01a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
01c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
01e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0200	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0220	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0240	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0260	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0280	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
02a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
02c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
02e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0300	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0320	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0340	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0360	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0380	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
03a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
03c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
03e0	00 00 00 00 00 00 00 00 00 75 74 66 2d 38 0d 00 33 32 31 30 00 00 00 00 23 22 21 20 13 12 55 00	.........utf-8..3210....#"!...U.
0400	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0420	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0440	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0460	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0480	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
04a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
04c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
04e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0500	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0520	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0540	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0560	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0580	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
05a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
05c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
05e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0600	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0620	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0640	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0660	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0680	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
06a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
06c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
06e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0700	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0720	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0740	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0760	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0780	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
07a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
07c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
07e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0800	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0820	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0840	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0860	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0880	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
08a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
08c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
08e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0900	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0920	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0940	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0960	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0980	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
09a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
09c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
09e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0a00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0a20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0a40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0a60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0a80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0aa0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ac0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ae0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0b00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0b20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0b40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0b60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0b80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ba0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0bc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0be0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0c00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0c20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0c40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0c60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0c80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ca0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0cc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ce0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0d00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0d20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0d40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0d60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0d80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0da0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0dc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0de0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0e00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0e20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0e40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0e60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0e80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ea0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ec0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0ee0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0f00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0f20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0f40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0f60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0f80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0fa0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0fc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
0fe0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1000	74 70 07 00 7f 00 00 00 02 00 00 00 00 00 00 00 45 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00	tp..............E...............
1020	01 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 39 00 00 00 00 00 00 00 46 00 00 00 00 00 00 00	................9.......F.......
1040	01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 7f 00 00 00 00 00 00 00	................................
1060	01 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 87 00 00 00 00 00 00 00	................<...............
1080	01 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 43 00 00 00 00 00 00 00 c5 00 00 00 00 00 00 00	................C...............
10a0	01 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 44 00 00 00 00 00 00 00 08 01 00 00 00 00 00 00	................D...............
10c0	01 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 2b 00 00 00 00 00 00 00 4c 01 00 00 00 00 00 00	................+.......L.......
10e0	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1100	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1120	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1140	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1160	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1180	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
11a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
11c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
11e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1200	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1220	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1240	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1260	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1280	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
12a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
12c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
12e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1300	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1320	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1340	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1360	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1380	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
13a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
13c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
13e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1400	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1420	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1440	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1460	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1480	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
14a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
14c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
14e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1500	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1520	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1540	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1560	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1580	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
15a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
15c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
15e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1600	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1620	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1640	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1660	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1680	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
16a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
16c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
16e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1700	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1720	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1740	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1760	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1780	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
17a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
17c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
17e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1800	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1820	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1840	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1860	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1880	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
18a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
18c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
18e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1900	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1920	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1940	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1960	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1980	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
19a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
19c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
19e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1a00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1a20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1a40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1a60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1a80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1aa0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ac0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ae0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1b00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1b20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1b40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1b60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1b80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ba0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1bc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1be0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1c00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1c20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1c40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1c60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1c80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ca0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1cc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ce0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1d00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1d20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1d40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1d60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1d80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1da0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1dc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1de0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1e00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1e20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1e40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1e60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1e80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ea0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ec0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1ee0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1f00	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1f20	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1f40	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1f60	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1f80	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1fa0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1fc0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
1fe0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
2000	61 64 00 00 03 00 00 00 33 01 00 00 00 10 00 00 45 00 00 00 00 00 00 00 e5 0f 00 00 96 0f 00 00	ad......3.......E...............
2020	48 0f 00 00 00 0f 00 00 b0 0e 00 00 65 0e 00 00 1d 0e 00 00 ce 0d 00 00 ac 0d 00 00 ab 0d 00 00	H...........e...................
2040	98 0d 00 00 50 0d 00 00 03 0d 00 00 da 0c 00 00 d9 0c 00 00 cc 0c 00 00 7f 0c 00 00 41 0c 00 00	....P.......................A...
2060	40 0c 00 00 13 0c 00 00 12 0c 00 00 fe 0b 00 00 b2 0b 00 00 86 0b 00 00 56 0b 00 00 21 0b 00 00	@.......................V...!...
2080	c9 0a 00 00 90 0a 00 00 25 0a 00 00 24 0a 00 00 d4 09 00 00 94 09 00 00 6c 09 00 00 38 09 00 00	........%...$...........l...8...
20a0	37 09 00 00 ea 08 00 00 9d 08 00 00 60 08 00 00 19 08 00 00 ce 07 00 00 cd 07 00 00 80 07 00 00	7...........`...................
20c0	2f 07 00 00 e6 06 00 00 e5 06 00 00 d3 06 00 00 a6 06 00 00 65 06 00 00 36 06 00 00 de 05 00 00	/...................e...6.......
20e0	ac 05 00 00 de 04 00 00 dd 04 00 00 8d 04 00 00 56 04 00 00 06 04 00 00 fc 03 00 00 92 03 00 00	................V...............
2100	6b 03 00 00 6a 03 00 00 4c 03 00 00 02 03 00 00 b7 02 00 00 6b 02 00 00 6a 02 00 00 1c 02 00 00	k...j...L...........k...j.......
2120	d1 01 00 00 81 01 00 00 33 01 00 00 00 00 00 00 00 00 00 70 6f 69 73 6f 6e 69 6e 67 2c 20 61 6e	........3..........poisoning,.an
2140	64 20 61 20 77 65 6c 6c 2d 64 65 66 69 6e 65 64 20 67 6f 73 73 69 70 20 70 72 6f 74 6f 63 6f 6c	d.a.well-defined.gossip.protocol
2160	20 77 69 74 68 6f 75 74 20 63 6f 6d 70 6c 65 78 20 61 75 64 69 74 69 6e 67 20 6c 6f 67 69 63 2e	.without.complex.auditing.logic.
2180	00 69 6e 63 6c 75 64 65 73 20 63 6f 6e 73 69 64 65 72 61 74 69 6f 6e 73 20 73 75 63 68 20 61 73	.includes.considerations.such.as
21a0	20 73 69 6d 70 6c 65 20 70 61 72 73 69 6e 67 2c 20 70 72 6f 74 65 63 74 69 6f 6e 20 61 67 61 69	.simple.parsing,.protection.agai
21c0	6e 73 74 20 6c 6f 67 20 73 70 61 6d 20 61 6e 64 00 65 78 61 6d 70 6c 65 20 6c 6f 67 20 6f 70 65	nst.log.spam.and.example.log.ope
21e0	72 61 74 69 6f 6e 73 20 61 6e 64 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 69 6e 20 63 6f 6e 73	rations.and.verification.in.cons
2200	74 72 61 69 6e 65 64 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 73 2e 20 20 54 68 69 73 00 57 65 20 77	trained.environments...This.We.w
2220	61 6e 74 20 74 68 65 20 72 65 73 75 6c 74 69 6e 67 20 64 65 73 69 67 6e 20 74 6f 20 62 65 20 65	ant.the.resulting.design.to.be.e
2240	61 73 79 20 66 72 6f 6d 20 6d 61 6e 79 20 64 69 66 66 65 72 65 6e 74 20 70 65 72 73 70 65 63 74	asy.from.many.different.perspect
2260	69 76 65 73 2c 20 66 6f 72 00 00 6d 69 6e 69 6d 61 6c 6c 79 20 72 65 71 75 69 72 65 64 20 6d 65	ives,.for..minimally.required.me
2280	74 61 64 61 74 61 2e 20 20 53 74 6f 72 69 6e 67 20 64 61 74 61 20 61 6e 64 20 72 69 63 68 20 6d	tadata...Storing.data.and.rich.m
22a0	65 74 61 64 61 74 61 20 69 73 20 61 20 6e 6f 6e 2d 67 6f 61 6c 2e 00 67 65 6e 65 72 61 6c 2e 20	etadata.is.a.non-goal..general..
22c0	20 54 68 65 72 65 66 6f 72 65 2c 20 73 69 67 73 75 6d 20 6c 6f 67 73 20 61 6c 6c 6f 77 20 6c 6f	.Therefore,.sigsum.logs.allow.lo
22e0	67 67 69 6e 67 20 6f 66 20 73 69 67 6e 65 64 20 63 68 65 63 6b 73 75 6d 20 61 6e 64 20 73 6f 6d	gging.of.signed.checksum.and.som
2300	65 00 54 68 65 20 67 6f 61 6c 20 6f 66 20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 20 69 73 20	e.The.goal.of.sigsum.logging.is.
2320	74 6f 20 6d 61 6b 65 20 61 20 73 69 67 6e 65 72 27 73 20 6b 65 79 2d 75 73 61 67 65 20 74 72 61	to.make.a.signer's.key-usage.tra
2340	6e 73 70 61 72 65 6e 74 20 69 6e 00 23 23 23 20 31 2e 31 20 2d 20 47 6f 61 6c 73 20 61 6e 64 20	nsparent.in.###.1.1.-.Goals.and.
2360	6e 6f 6e 2d 73 63 6f 70 65 00 00 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 69 73 20 61 62 6f 75	non-scope..This.document.is.abou
2380	74 20 6f 75 72 20 6c 6f 67 20 64 65 73 69 67 6e 2e 00 20 20 20 20 20 20 20 20 5b 63 6c 61 69 6d	t.our.log.design..........[claim
23a0	61 6e 74 20 6d 6f 64 65 6c 5d 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 67 6f	ant.model](https://github.com/go
23c0	6f 67 6c 65 2f 74 72 69 6c 6c 69 61 6e 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 64 6f 63 73 2f 63	ogle/trillian/blob/master/docs/c
23e0	6c 61 69 6d 61 6e 74 6d 6f 64 65 6c 2f 43 6f 72 65 4d 6f 64 65 6c 2e 6d 64 29 2e 00 75 73 69 6e	laimantmodel/CoreModel.md)..usin
2400	67 20 74 68 65 00 20 20 20 20 20 20 20 20 5b 73 65 70 61 72 61 74 65 20 64 6f 63 75 6d 65 6e 74	g.the.........[separate.document
2420	5d 28 68 74 74 70 73 3a 2f 2f 67 69 74 2e 73 69 67 73 75 6d 2e 6f 72 67 2f 73 69 67 73 75 6d 2f	](https://git.sigsum.org/sigsum/
2440	74 72 65 65 2f 64 6f 63 2f 63 6c 61 69 6d 61 6e 74 2e 6d 64 29 00 64 6f 63 75 6d 65 6e 74 20 74	tree/doc/claimant.md).document.t
2460	68 65 6d 20 62 61 73 65 64 20 6f 6e 20 77 68 61 74 20 70 65 6f 70 6c 65 20 61 72 65 20 77 6f 72	hem.based.on.what.people.are.wor
2480	6b 69 6e 67 20 6f 6e 20 69 6e 20 61 00 54 68 65 72 65 20 61 72 65 20 6d 61 6e 79 20 6f 74 68 65	king.on.in.a.There.are.many.othe
24a0	72 20 75 73 65 2d 63 61 73 65 73 20 74 68 61 74 20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 20	r.use-cases.that.sigsum.logging.
24c0	63 61 6e 20 68 65 6c 70 20 77 69 74 68 2e 20 20 57 65 20 69 6e 74 65 6e 64 20 74 6f 00 00 09 5b	can.help.with...We.intend.to...[
24e0	5c 5b 6e 75 73 65 6e 75 2d 64 72 61 66 74 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62	\[nusenu-draft\]](https://gitlab
2500	2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 6e 75 73 65 6e 75 2f 74 6f 72 73 70 65 63 2f 2d	.torproject.org/nusenu/torspec/-
2520	2f 62 6c 6f 62 2f 73 69 6d 70 6c 65 2d 77 6f 74 2d 66 6f 72 2d 72 65 6c 61 79 2d 6f 70 65 72 61	/blob/simple-wot-for-relay-opera
2540	74 6f 72 2d 69 64 73 2f 70 72 6f 70 6f 73 61 6c 73 2f 69 64 65 61 73 2f 78 78 78 2d 73 69 6d 70	tor-ids/proposals/ideas/xxx-simp
2560	6c 65 2d 72 65 6c 61 79 2d 6f 70 65 72 61 74 6f 72 2d 77 6f 74 2e 6d 64 23 61 2d 73 69 6d 70 6c	le-relay-operator-wot.md#a-simpl
2580	65 2d 77 65 62 2d 6f 66 2d 74 72 75 73 74 2d 66 6f 72 2d 74 6f 72 2d 72 65 6c 61 79 2d 6f 70 65	e-web-of-trust-for-tor-relay-ope
25a0	72 61 74 6f 72 2d 69 64 73 29 2e 00 2d 20 41 20 74 72 75 73 74 20 61 6e 63 68 6f 72 20 62 65 68	rator-ids)..-.A.trust.anchor.beh
25c0	61 76 65 73 20 61 63 63 6f 72 64 69 6e 67 20 74 6f 20 73 6f 6d 65 20 70 6f 6c 69 63 79 00 09 5b	aves.according.to.some.policy..[
25e0	5c 5b 53 52 49 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 2e 6d 6f 7a 69 6c	\[SRI\]](https://developer.mozil
2600	6c 61 2e 6f 72 67 2f 65 6e 2d 55 53 2f 64 6f 63 73 2f 57 65 62 2f 53 65 63 75 72 69 74 79 2f 53	la.org/en-US/docs/Web/Security/S
2620	75 62 72 65 73 6f 75 72 63 65 5f 49 6e 74 65 67 72 69 74 79 29 00 2d 20 41 20 64 6f 6d 61 69 6e	ubresource_Integrity).-.A.domain
2640	20 64 6f 65 73 20 6e 6f 74 20 73 65 72 76 65 20 6d 61 6c 69 63 69 6f 75 73 20 6a 61 76 61 73 63	.does.not.serve.malicious.javasc
2660	72 69 70 74 00 09 5b 5c 5b 42 54 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 6d 6f 7a 69	ript..[\[BT\]](https://wiki.mozi
2680	6c 6c 61 2e 6f 72 67 2f 53 65 63 75 72 69 74 79 2f 42 69 6e 61 72 79 5f 54 72 61 6e 73 70 61 72	lla.org/Security/Binary_Transpar
26a0	65 6e 63 79 29 00 2d 20 45 76 65 72 79 6f 6e 65 20 67 65 74 73 20 74 68 65 20 73 61 6d 65 20 65	ency).-.Everyone.gets.the.same.e
26c0	78 65 63 75 74 61 62 6c 65 20 62 69 6e 61 72 69 65 73 00 45 78 61 6d 70 6c 65 73 20 69 6e 63 6c	xecutable.binaries.Examples.incl
26e0	75 64 65 3a 00 00 62 6c 6f 63 6b 20 74 68 61 74 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20	ude:..block.that.can.be.used.to.
2700	66 61 63 69 6c 69 74 61 74 65 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 66 61 6c 73 69	facilitate.verification.of.falsi
2720	66 69 61 62 6c 65 20 63 6c 61 69 6d 73 2e 00 69 64 65 61 20 69 73 20 74 6f 20 6d 61 6b 65 20 61	fiable.claims..idea.is.to.make.a
2740	20 73 69 67 6e 65 72 27 73 20 5f 6b 65 79 2d 75 73 61 67 65 5f 20 74 72 61 6e 73 70 61 72 65 6e	.signer's._key-usage_.transparen
2760	74 2e 20 20 54 68 69 73 20 69 73 20 61 20 70 6f 77 65 72 66 75 6c 20 62 75 69 6c 64 69 6e 67 00	t...This.is.a.powerful.building.
2780	53 69 67 73 75 6d 20 6c 6f 67 73 20 6d 61 6b 65 20 69 74 20 70 6f 73 73 69 62 6c 65 20 74 6f 20	Sigsum.logs.make.it.possible.to.
27a0	61 6e 73 77 65 72 73 20 74 68 65 73 65 20 74 79 70 65 73 20 6f 66 20 71 75 65 73 74 69 6f 6e 73	answers.these.types.of.questions
27c0	2e 20 20 54 68 65 20 62 61 73 69 63 00 00 69 66 20 74 68 65 20 73 69 67 6e 69 6e 67 20 70 61 72	...The.basic..if.the.signing.par
27e0	74 79 20 77 61 73 20 66 6f 72 63 65 64 20 74 6f 20 73 69 67 6e 20 6d 61 6c 69 63 69 6f 75 73 20	ty.was.forced.to.sign.malicious.
2800	64 61 74 61 20 61 67 61 69 6e 73 74 20 74 68 65 69 72 20 77 69 6c 6c 3f 00 48 6f 77 20 77 6f 75	data.against.their.will?.How.wou
2820	6c 64 20 77 65 20 64 65 74 65 63 74 20 69 66 20 73 6f 6d 65 74 68 69 6e 67 20 77 61 73 20 73 69	ld.we.detect.if.something.was.si
2840	67 6e 65 64 20 62 79 20 6d 69 73 74 61 6b 65 2c 20 6f 72 20 65 76 65 6e 20 77 6f 72 73 65 2c 00	gned.by.mistake,.or.even.worse,.
2860	48 6f 77 20 77 6f 75 6c 64 20 77 65 20 64 65 74 65 63 74 20 69 66 20 61 20 73 65 63 72 65 74 20	How.would.we.detect.if.a.secret.
2880	73 69 67 6e 69 6e 67 20 6b 65 79 20 67 6f 74 20 63 6f 6d 70 72 6f 6d 69 73 65 64 3f 00 77 68 65	signing.key.got.compromised?.whe
28a0	74 68 65 72 20 74 68 65 20 73 69 67 6e 65 64 20 64 61 74 61 20 69 73 20 5f 61 63 74 75 61 6c 6c	ther.the.signed.data.is._actuall
28c0	79 20 74 68 65 20 64 61 74 61 20 74 68 61 74 20 73 68 6f 75 6c 64 20 68 61 76 65 20 62 65 65 6e	y.the.data.that.should.have.been
28e0	20 73 69 67 6e 65 64 5f 2e 00 54 68 65 20 70 72 6f 62 6c 65 6d 20 77 69 74 68 20 5f 6a 75 73 74	.signed_..The.problem.with._just
2900	20 64 69 67 69 74 61 6c 20 73 69 67 6e 69 6e 67 5f 20 69 73 20 74 68 61 74 20 69 74 20 69 73 20	.digital.signing_.is.that.it.is.
2920	64 69 66 66 69 63 75 6c 74 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 00 00 54 68 65 20 75 73 65 72	difficult.to.determine..The.user
2940	20 6f 66 20 74 68 65 20 73 69 67 6e 65 64 20 64 61 74 61 20 69 73 20 63 61 6c 6c 65 64 20 61 20	.of.the.signed.data.is.called.a.
2960	5f 76 65 72 69 66 69 65 72 5f 2e 00 54 68 65 20 73 69 67 6e 69 6e 67 20 70 61 72 74 79 20 69 73	_verifier_..The.signing.party.is
2980	20 63 61 6c 6c 65 64 20 61 20 5f 73 69 67 6e 65 72 5f 2e 00 73 69 67 73 75 6d 20 6c 6f 67 67 69	.called.a._signer_..sigsum.loggi
29a0	6e 67 20 61 73 20 70 72 65 2d 68 61 73 68 65 64 20 64 69 67 69 74 61 6c 20 73 69 67 6e 69 6e 67	ng.as.pre-hashed.digital.signing
29c0	20 77 69 74 68 20 74 72 61 6e 73 70 61 72 65 6e 63 79 2e 00 41 20 73 69 67 73 75 6d 20 6c 6f 67	.with.transparency..A.sigsum.log
29e0	20 62 72 69 6e 67 73 20 74 72 61 6e 73 70 61 72 65 6e 63 79 20 74 6f 20 2a 2a 73 69 67 2a 2a 6e	.brings.transparency.to.**sig**n
2a00	65 64 20 63 68 65 63 6b 2a 2a 73 75 6d 2a 2a 73 2e 20 20 59 6f 75 20 63 61 6e 20 74 68 69 6e 6b	ed.check**sum**s...You.can.think
2a20	20 6f 66 00 00 09 5b 5c 5b 41 75 64 69 74 4c 6f 67 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 74 72 61	.of...[\[AuditLog\]](https://tra
2a40	6e 73 70 61 72 65 6e 63 79 2e 64 65 76 2f 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 65 6c 69 61 62	nsparency.dev/application/reliab
2a60	6c 79 2d 6c 6f 67 2d 61 6c 6c 2d 61 63 74 69 6f 6e 73 2d 70 65 72 66 6f 72 6d 65 64 2d 6f 6e 2d	ly-log-all-actions-performed-on-
2a80	79 6f 75 72 2d 73 65 72 76 65 72 73 2f 29 2e 00 6f 72 20 69 73 20 73 6f 6d 65 6f 6e 65 20 72 75	your-servers/)..or.is.someone.ru
2aa0	6e 6e 69 6e 67 20 75 6e 65 78 70 65 63 74 65 64 20 63 6f 6d 6d 61 6e 64 73 20 6f 6e 20 79 6f 75	nning.unexpected.commands.on.you
2ac0	72 20 73 65 72 76 65 72 00 09 5b 5c 5b 43 68 65 63 6b 73 75 6d 44 42 5c 5d 5d 28 68 74 74 70 73	r.server..[\[ChecksumDB\]](https
2ae0	3a 2f 2f 67 6f 2e 67 6f 6f 67 6c 65 73 6f 75 72 63 65 2e 63 6f 6d 2f 70 72 6f 70 6f 73 61 6c 2f	://go.googlesource.com/proposal/
2b00	2b 2f 6d 61 73 74 65 72 2f 64 65 73 69 67 6e 2f 32 35 35 33 30 2d 73 75 6d 64 62 2e 6d 64 29 2c	+/master/design/25530-sumdb.md),
2b20	00 64 69 64 20 79 6f 75 20 67 65 74 20 61 20 64 69 66 66 65 72 65 6e 74 20 47 6f 20 6d 6f 64 75	.did.you.get.a.different.Go.modu
2b40	6c 65 20 74 68 61 6e 20 65 76 65 72 79 6f 6e 65 20 65 6c 73 65 00 09 5b 5c 5b 43 54 5c 5d 5d 28	le.than.everyone.else..[\[CT\]](
2b60	68 74 74 70 73 3a 2f 2f 74 6f 6f 6c 73 2e 69 65 74 66 2e 6f 72 67 2f 68 74 6d 6c 2f 72 66 63 36	https://tools.ietf.org/html/rfc6
2b80	39 36 32 29 2c 00 61 72 65 20 74 68 65 72 65 20 61 6e 79 20 28 6d 69 73 2d 29 69 73 73 75 65 64	962),.are.there.any.(mis-)issued
2ba0	20 54 4c 53 20 63 65 72 74 69 66 69 63 61 74 65 73 00 54 72 61 6e 73 70 61 72 65 6e 63 79 20 6c	.TLS.certificates.Transparency.l
2bc0	6f 67 73 20 6d 61 6b 65 20 69 74 20 70 6f 73 73 69 62 6c 65 20 74 6f 20 64 65 74 65 63 74 20 75	ogs.make.it.possible.to.detect.u
2be0	6e 77 61 6e 74 65 64 20 65 76 65 6e 74 73 2e 20 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 00 23 23	nwanted.events...For.example,.##
2c00	20 31 20 2d 20 49 6e 74 72 6f 64 75 63 74 69 6f 6e 00 00 50 6c 65 61 73 65 20 6c 65 74 20 75 73	.1.-.Introduction..Please.let.us
2c20	20 6b 6e 6f 77 20 69 66 20 79 6f 75 20 68 61 76 65 20 61 6e 79 20 66 65 65 64 62 61 63 6b 2e 00	.know.if.you.have.any.feedback..
2c40	00 72 65 76 69 73 69 6f 6e 20 6f 66 20 74 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 77 69 6c 6c 20	.revision.of.this.document.will.
2c60	62 75 6d 70 20 74 68 65 20 76 65 72 73 69 6f 6e 20 6e 75 6d 62 65 72 20 74 6f 20 76 31 2e 00 54	bump.the.version.number.to.v1..T
2c80	68 69 73 20 69 73 20 61 20 77 6f 72 6b 2d 69 6e 2d 70 72 6f 67 72 65 73 73 20 64 6f 63 75 6d 65	his.is.a.work-in-progress.docume
2ca0	6e 74 20 74 68 61 74 20 6d 61 79 20 62 65 20 6d 6f 76 65 64 20 6f 72 20 6d 6f 64 69 66 69 65 64	nt.that.may.be.moved.or.modified
2cc0	2e 20 20 41 20 66 75 74 75 72 65 00 2a 2a 57 61 72 6e 69 6e 67 2e 2a 2a 00 00 43 65 72 74 69 66	...A.future.**Warning.**..Certif
2ce0	69 63 61 74 65 20 54 72 61 6e 73 70 61 72 65 6e 63 79 20 73 6f 6c 76 65 73 20 61 6e 64 20 68 6f	icate.Transparency.solves.and.ho
2d00	77 2e 00 73 69 67 6e 61 74 75 72 65 73 2c 20 68 61 73 68 20 66 75 6e 63 74 69 6f 6e 73 2c 20 61	w..signatures,.hash.functions,.a
2d20	6e 64 20 4d 65 72 6b 6c 65 20 74 72 65 65 73 2e 20 20 59 6f 75 20 72 6f 75 67 68 6c 79 20 6b 6e	nd.Merkle.trees...You.roughly.kn
2d40	6f 77 20 77 68 61 74 20 70 72 6f 62 6c 65 6d 00 59 6f 75 20 68 61 76 65 20 62 61 73 69 63 20 75	ow.what.problem.You.have.basic.u
2d60	6e 64 65 72 73 74 61 6e 64 69 6e 67 20 6f 66 20 63 72 79 70 74 6f 67 72 61 70 68 69 63 20 70 72	nderstanding.of.cryptographic.pr
2d80	69 6d 69 74 69 76 65 73 2c 20 65 2e 67 2e 2c 20 64 69 67 69 74 61 6c 00 2a 2a 50 72 65 6c 69 6d	imitives,.e.g.,.digital.**Prelim
2da0	69 6e 61 72 69 65 73 2e 2a 2a 00 00 6d 69 6e 69 6d 61 6c 69 73 6d 20 74 68 61 74 20 73 69 6d 70	inaries.**..minimalism.that.simp
2dc0	6c 69 66 69 65 73 20 75 73 61 67 65 2e 00 61 72 63 68 69 74 65 63 74 75 72 65 20 65 76 6f 6c 76	lifies.usage..architecture.evolv
2de0	65 73 20 61 72 6f 75 6e 64 20 63 65 6e 74 72 61 6c 69 7a 65 64 20 6c 6f 67 20 6f 70 65 72 61 74	es.around.centralized.log.operat
2e00	69 6f 6e 73 2c 20 64 69 73 74 72 69 62 75 74 65 64 20 74 72 75 73 74 2c 20 61 6e 64 00 6d 61 6e	ions,.distributed.trust,.and.man
2e20	61 67 65 6d 65 6e 74 20 6f 66 20 65 78 65 63 75 74 61 62 6c 65 20 62 69 6e 61 72 69 65 73 20 61	agement.of.executable.binaries.a
2e40	6e 64 20 70 72 6f 76 65 6e 61 6e 63 65 20 61 72 65 20 74 77 6f 20 65 78 61 6d 70 6c 65 73 2e 20	nd.provenance.are.two.examples..
2e60	20 4f 75 72 00 61 20 62 75 69 6c 64 69 6e 67 20 62 6c 6f 63 6b 20 74 68 61 74 20 63 61 6e 20 62	.Our.a.building.block.that.can.b
2e80	65 20 75 73 65 64 20 66 6f 72 20 61 20 76 61 72 69 65 74 79 20 6f 66 20 75 73 65 2d 63 61 73 65	e.used.for.a.variety.of.use-case
2ea0	73 2e 20 20 54 72 61 6e 73 70 61 72 65 6e 74 00 6d 61 6c 69 63 69 6f 75 73 20 61 6e 64 20 75 6e	s...Transparent.malicious.and.un
2ec0	69 6e 74 65 6e 64 65 64 20 6b 65 79 2d 75 73 61 67 65 20 63 61 6e 20 62 65 20 64 65 74 65 63 74	intended.key-usage.can.be.detect
2ee0	65 64 20 75 73 69 6e 67 20 61 20 73 69 67 73 75 6d 20 6c 6f 67 2e 20 20 54 68 69 73 20 69 73 00	ed.using.a.sigsum.log...This.is.
2f00	6c 6f 67 67 65 64 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 6d 61 6b 65 20 73 69 67 6e 61 74 75 72	logged.in.order.to.make.signatur
2f20	65 20 6f 70 65 72 61 74 69 6f 6e 73 20 74 72 61 6e 73 70 61 72 65 6e 74 2e 20 20 46 6f 72 20 65	e.operations.transparent...For.e
2f40	78 61 6d 70 6c 65 2c 00 63 68 65 63 6b 73 75 6d 20 64 61 74 61 62 61 73 65 2c 20 65 78 63 65 70	xample,.checksum.database,.excep
2f60	74 20 74 68 61 74 20 63 72 79 70 74 6f 67 72 61 70 68 69 63 61 6c 6c 79 20 2a 2a 73 69 67 2a 2a	t.that.cryptographically.**sig**
2f80	6e 65 64 20 63 68 65 63 6b 2a 2a 73 75 6d 2a 2a 73 20 61 72 65 00 57 65 20 70 72 6f 70 6f 73 65	ned.check**sum**s.are.We.propose
2fa0	20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 2e 20 20 49 74 20 69 73 20 73 69 6d 69 6c 61 72 20	.sigsum.logging...It.is.similar.
2fc0	74 6f 20 43 65 72 74 69 66 69 63 61 74 65 20 54 72 61 6e 73 70 61 72 65 6e 63 79 20 61 6e 64 20	to.Certificate.Transparency.and.
2fe0	47 6f 27 73 00 23 20 53 69 67 73 75 6d 20 4c 6f 67 67 69 6e 67 20 44 65 73 69 67 6e 20 76 30 00	Go's.#.Sigsum.Logging.Design.v0.
3000	61 64 00 00 b9 05 00 00 81 06 00 00 00 10 00 00 2b 00 00 00 00 00 00 00 b2 0f 00 00 b1 0f 00 00	ad..............+...............
3020	65 0f 00 00 17 0f 00 00 c9 0e 00 00 79 0e 00 00 78 0e 00 00 55 0e 00 00 14 0e 00 00 e9 0d 00 00	e...........y...x...U...........
3040	62 0d 00 00 17 0d 00 00 c8 0c 00 00 c7 0c 00 00 92 0c 00 00 42 0c 00 00 f5 0b 00 00 a4 0b 00 00	b...................B...........
3060	57 0b 00 00 0a 0b 00 00 e7 0a 00 00 e6 0a 00 00 99 0a 00 00 52 0a 00 00 0f 0a 00 00 0e 0a 00 00	W...................R...........
3080	bd 09 00 00 bc 09 00 00 6e 09 00 00 1e 09 00 00 e0 08 00 00 82 08 00 00 81 08 00 00 72 08 00 00	........n...................r...
30a0	32 08 00 00 ea 07 00 00 b5 07 00 00 7e 07 00 00 2e 07 00 00 f3 06 00 00 d1 06 00 00 a6 06 00 00	2...........~...................
30c0	81 06 00 00 80 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
30e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3100	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3120	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3140	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3160	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3180	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
31a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
31c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
31e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3200	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3220	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3240	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3260	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3280	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
32a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
32c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
32e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3300	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3320	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3340	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3360	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3380	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
33a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
33c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
33e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3400	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3420	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3440	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3460	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3480	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
34a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
34c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
34e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3500	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3520	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3540	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3560	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3580	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
35a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
35c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
35e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3600	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3620	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3640	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3660	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
3680	00 2d 20 57 68 61 74 20 70 6f 6c 69 63 79 20 73 68 6f 75 6c 64 20 61 20 62 65 6c 69 65 76 65 72	.-.What.policy.should.a.believer
36a0	20 75 73 65 3f 00 2d 20 48 6f 77 20 64 6f 65 73 20 69 74 20 77 6f 72 6b 20 77 69 74 68 20 6d 6f	.use?.-.How.does.it.work.with.mo
36c0	72 65 20 74 68 61 6e 20 6f 6e 65 20 6c 6f 67 3f 00 2d 20 41 72 65 20 74 68 65 72 65 20 61 6e 79	re.than.one.log?.-.Are.there.any
36e0	20 70 72 69 76 61 63 79 20 63 6f 6e 63 65 72 6e 73 3f 00 73 68 6f 75 6c 64 20 69 6e 63 6c 75 64	.privacy.concerns?.should.includ
3700	65 20 60 67 65 74 2d 74 72 65 65 2d 68 65 61 64 2d 2a 60 20 65 6e 64 70 6f 69 6e 74 73 20 69 6e	e.`get-tree-head-*`.endpoints.in
3720	20 6d 6f 72 65 20 64 65 74 61 69 6c 2e 00 2d 20 57 68 61 74 20 74 68 6f 75 67 68 74 20 77 65 6e	.more.detail..-.What.thought.wen
3740	74 20 69 6e 74 6f 20 77 69 74 6e 65 73 73 20 63 6f 73 69 67 6e 69 6e 67 3f 20 20 43 6f 6d 70 61	t.into.witness.cosigning?..Compa
3760	72 65 20 77 69 74 68 20 6f 74 68 65 72 20 61 70 70 72 6f 61 63 68 65 73 2c 20 61 6e 64 00 2d 20	re.with.other.approaches,.and.-.
3780	57 68 61 74 20 63 72 79 70 74 6f 67 72 61 70 68 69 63 20 70 72 69 6d 69 74 69 76 65 73 20 61 72	What.cryptographic.primitives.ar
37a0	65 20 73 75 70 70 6f 72 74 65 64 20 61 6e 64 20 77 68 79 3f 00 2d 20 57 68 61 74 20 28 64 65 29	e.supported.and.why?.-.What.(de)
37c0	73 65 72 69 61 6c 69 7a 61 74 69 6f 6e 20 70 61 72 73 65 72 73 20 61 72 65 20 6e 65 65 64 65 64	serialization.parsers.are.needed
37e0	20 61 6e 64 20 77 68 79 3f 00 2d 20 57 68 79 20 6e 6f 74 20 73 74 6f 72 65 20 72 69 63 68 20 6d	.and.why?.-.Why.not.store.rich.m
3800	65 74 61 64 61 74 61 20 69 6e 20 74 68 65 20 6c 6f 67 3f 20 58 58 58 3a 20 61 6e 73 77 65 72 65	etadata.in.the.log?.XXX:.answere
3820	64 20 65 6e 6f 75 67 68 20 61 6c 72 65 61 64 79 3f 00 2d 20 57 68 79 20 6e 6f 74 20 73 74 6f 72	d.enough.already?.-.Why.not.stor
3840	65 20 64 61 74 61 20 69 6e 20 74 68 65 20 6c 6f 67 3f 20 20 58 58 58 3a 20 61 6e 73 77 65 72 65	e.data.in.the.log?..XXX:.answere
3860	64 20 65 6e 6f 75 67 68 20 61 6c 72 65 61 64 79 3f 00 23 23 23 23 20 34 2e 33 20 2d 20 58 58 58	d.enough.already?.####.4.3.-.XXX
3880	00 00 09 5b 5c 5b 54 53 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 67 69 74 2e 73 69 67 73 75 6d 2e 6f	...[\[TS\]](https://git.sigsum.o
38a0	72 67 2f 73 69 67 73 75 6d 2f 63 6f 6d 6d 69 74 2f 3f 69 64 3d 66 65 66 34 36 30 35 38 36 65 38	rg/sigsum/commit/?id=fef460586e8
38c0	34 37 65 33 37 38 61 31 39 37 33 38 31 65 66 31 61 65 33 61 36 34 65 36 65 61 33 38 62 29 2e 00	47e378a197381ef1ae3a64e6ea38b)..
38e0	74 68 65 20 74 69 6d 65 20 6f 66 20 6c 6f 67 67 69 6e 67 2c 20 79 6f 75 20 6d 61 79 20 75 73 65	the.time.of.logging,.you.may.use
3900	20 61 20 63 6f 73 69 67 6e 65 64 20 74 72 65 65 20 68 65 61 64 20 69 6e 73 74 65 61 64 00 73 65	.a.cosigned.tree.head.instead.se
3920	74 20 69 74 20 61 73 20 6c 61 72 67 65 20 61 73 20 70 6f 73 73 69 62 6c 65 2e 20 20 49 66 20 61	t.it.as.large.as.possible...If.a
3940	20 76 65 72 69 66 69 65 64 20 74 69 6d 65 73 74 61 6d 70 20 69 73 20 6e 65 65 64 65 64 20 74 6f	.verified.timestamp.is.needed.to
3960	20 72 65 61 73 6f 6e 20 61 62 6f 75 74 00 4e 6f 74 65 20 74 68 61 74 20 61 20 73 69 67 6e 65 72	.reason.about.Note.that.a.signer
3980	27 73 20 73 68 61 72 64 20 68 69 6e 74 20 69 73 20 6e 6f 74 20 61 20 76 65 72 69 66 69 65 64 20	's.shard.hint.is.not.a.verified.
39a0	74 69 6d 65 73 74 61 6d 70 2e 20 20 57 65 20 72 65 63 6f 6d 6d 65 6e 64 20 74 6f 00 00 53 75 63	timestamp...We.recommend.to..Suc
39c0	68 20 72 65 2d 6c 6f 67 67 69 6e 67 20 61 6c 73 6f 20 63 6f 6d 65 73 20 61 74 20 74 68 65 20 72	h.re-logging.also.comes.at.the.r
39e0	69 73 6b 20 6f 66 20 61 63 74 69 76 61 74 69 6e 67 20 73 6f 6d 65 6f 6e 65 20 65 6c 73 65 27 73	isk.of.activating.someone.else's
3a00	20 72 61 74 65 20 6c 69 6d 69 74 73 2e 00 00 75 6e 73 75 73 74 61 69 6e 61 62 6c 65 20 69 6e 20	.rate.limits...unsustainable.in.
3a20	74 68 65 20 6c 6f 6e 67 20 72 75 6e 20 62 65 63 61 75 73 65 20 6c 6f 67 20 73 69 7a 65 73 20 67	the.long.run.because.log.sizes.g
3a40	72 6f 77 20 69 6e 64 65 66 69 6e 69 74 65 6c 79 2e 00 6e 65 77 65 72 20 6f 6e 65 20 74 68 61 74	row.indefinitely..newer.one.that
3a60	20 6a 75 73 74 20 73 74 61 72 74 65 64 20 69 74 73 20 6f 70 65 72 61 74 69 6f 6e 73 2e 20 20 54	.just.started.its.operations...T
3a80	68 69 73 20 6d 61 6b 65 73 20 6c 6f 67 20 6f 70 65 72 61 74 69 6f 6e 73 00 57 69 74 68 6f 75 74	his.makes.log.operations.Without
3aa0	20 73 68 61 72 64 69 6e 67 2c 20 61 20 67 6f 6f 64 20 53 61 6d 61 72 69 74 61 6e 20 63 61 6e 20	.sharding,.a.good.Samaritan.can.
3ac0	61 64 64 20 61 6c 6c 20 6c 65 61 76 65 73 20 66 72 6f 6d 20 61 6e 20 6f 6c 64 20 6c 6f 67 20 69	add.all.leaves.from.an.old.log.i
3ae0	6e 74 6f 20 61 00 00 65 70 6f 63 68 20 28 4a 61 6e 75 61 72 79 20 31 2c 20 31 39 37 30 20 30 30	nto.a..epoch.(January.1,.1970.00
3b00	3a 30 30 20 55 54 43 29 2e 00 69 6e 74 65 72 76 61 6c 20 61 72 65 20 69 6e 63 6c 75 73 69 76 65	:00.UTC)..interval.are.inclusive
3b20	20 61 6e 64 20 65 78 70 72 65 73 73 65 64 20 61 73 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20	.and.expressed.as.the.number.of.
3b40	73 65 63 6f 6e 64 73 20 73 69 6e 63 65 20 74 68 65 20 55 4e 49 58 00 69 6e 74 65 72 76 61 6c 20	seconds.since.the.UNIX.interval.
3b60	69 73 20 64 65 66 69 6e 65 64 20 62 79 20 61 20 73 74 61 72 74 20 74 69 6d 65 20 61 6e 64 20 61	is.defined.by.a.start.time.and.a
3b80	6e 20 65 6e 64 20 74 69 6d 65 2e 20 20 42 6f 74 68 20 65 6e 64 73 20 6f 66 20 74 68 65 20 73 68	n.end.time...Both.ends.of.the.sh
3ba0	61 72 64 00 73 68 61 72 64 20 68 69 6e 74 2e 20 20 54 68 65 20 73 65 6c 65 63 74 65 64 20 73 68	ard.shard.hint...The.selected.sh
3bc0	61 72 64 20 68 69 6e 74 20 6d 75 73 74 20 62 65 20 69 6e 20 61 20 6c 6f 67 27 73 20 73 68 61 72	ard.hint.must.be.in.a.log's.shar
3be0	64 20 69 6e 74 65 72 76 61 6c 2e 20 20 41 20 73 68 61 72 64 00 63 61 72 72 79 20 61 6e 79 20 73	d.interval...A.shard.carry.any.s
3c00	75 63 68 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 20 20 54 68 65 72 65 66 6f 72 65 2c 20 77 65 20	uch.information...Therefore,.we.
3c20	72 65 71 75 69 72 65 20 74 68 61 74 20 74 68 65 20 73 69 67 6e 65 72 20 73 65 6c 65 63 74 73 20	require.that.the.signer.selects.
3c40	61 00 55 6e 6c 69 6b 65 20 54 4c 53 20 63 65 72 74 69 66 69 63 61 74 65 73 20 77 68 69 63 68 20	a.Unlike.TLS.certificates.which.
3c60	61 6c 72 65 61 64 79 20 68 61 76 65 20 76 61 6c 69 64 69 74 79 20 72 61 6e 67 65 73 2c 20 61 20	already.have.validity.ranges,.a.
3c80	63 68 65 63 6b 73 75 6d 20 64 6f 65 73 20 6e 6f 74 00 23 23 23 23 20 34 2e 32 20 2d 20 57 68 61	checksum.does.not.####.4.2.-.Wha
3ca0	74 20 69 73 20 74 68 65 20 70 6f 69 6e 74 20 6f 66 20 68 61 76 69 6e 67 20 61 20 73 68 61 72 64	t.is.the.point.of.having.a.shard
3cc0	20 68 69 6e 74 3f 00 00 61 62 6f 75 74 2e 20 20 57 65 20 61 72 65 20 73 74 69 6c 6c 20 6f 70 65	.hint?..about...We.are.still.ope
3ce0	6e 20 74 6f 20 72 65 6d 6f 76 65 2c 20 61 64 64 2c 20 6f 72 20 63 68 61 6e 67 65 20 74 68 69 6e	n.to.remove,.add,.or.change.thin
3d00	67 73 20 69 66 20 69 74 20 69 73 20 6d 6f 74 69 76 61 74 65 64 2e 00 49 74 20 6d 61 79 20 62 65	gs.if.it.is.motivated..It.may.be
3d20	20 69 6e 63 6f 6d 70 6c 65 74 65 2c 20 62 75 74 20 63 6f 76 65 72 73 20 73 6f 6d 65 20 64 65 74	.incomplete,.but.covers.some.det
3d40	61 69 6c 73 20 74 68 61 74 20 61 72 65 20 77 6f 72 74 68 20 74 68 69 6e 6b 69 6e 67 20 6d 6f 72	ails.that.are.worth.thinking.mor
3d60	65 00 09 5b 32 30 32 31 2d 31 30 2d 30 35 5d 28 68 74 74 70 73 3a 2f 2f 67 69 74 2e 73 69 67 73	e..[2021-10-05](https://git.sigs
3d80	75 6d 2e 6f 72 67 2f 73 69 67 73 75 6d 2f 74 72 65 65 2f 61 72 63 68 69 76 65 2f 32 30 32 31 2d	um.org/sigsum/tree/archive/2021-
3da0	31 30 2d 30 35 2d 6f 70 65 6e 2d 64 65 73 69 67 6e 2d 74 68 6f 75 67 68 74 73 3f 69 64 3d 35 63	10-05-open-design-thoughts?id=5c
3dc0	30 32 37 37 30 62 35 62 64 37 64 34 33 62 39 33 32 37 36 32 33 64 33 64 65 39 61 64 65 64 61 32	02770b5bd7d43b9327623d3de9adeda2
3de0	34 36 38 65 38 34 29 2e 00 41 20 62 72 69 65 66 20 73 75 6d 6d 61 72 79 20 61 70 70 65 61 72 65	468e84)..A.brief.summary.appeare
3e00	64 20 69 6e 20 6f 75 72 20 61 72 63 68 69 76 65 20 6f 6e 00 23 23 23 23 20 34 2e 31 20 2d 20 57	d.in.our.archive.on.####.4.1.-.W
3e20	68 61 74 20 70 61 72 74 73 20 6f 66 20 74 68 65 20 64 65 73 69 67 6e 20 61 72 65 20 77 65 20 73	hat.parts.of.the.design.are.we.s
3e40	74 69 6c 6c 20 74 68 69 6e 6b 69 6e 67 20 61 62 6f 75 74 3f 00 23 23 23 20 34 20 2d 20 46 72 65	till.thinking.about?.###.4.-.Fre
3e60	71 75 65 6e 74 6c 79 20 41 73 6b 65 64 20 51 75 65 73 74 69 6f 6e 73 00 00 63 68 65 63 6b 73 75	quently.Asked.Questions..checksu
3e80	6d 73 20 69 6e 20 74 68 65 20 6c 6f 67 73 2c 20 67 65 6e 65 72 61 74 69 6e 67 20 61 6c 65 72 74	ms.in.the.logs,.generating.alert
3ea0	73 20 69 66 20 75 73 65 2d 63 61 73 65 20 73 70 65 63 69 66 69 63 20 63 6c 61 69 6d 73 20 61 72	s.if.use-case.specific.claims.ar
3ec0	65 20 66 61 6c 73 65 2e 00 61 6e 64 20 64 69 73 74 72 69 62 75 74 69 6e 67 20 6e 65 63 65 73 73	e.false..and.distributing.necess
3ee0	61 72 79 20 70 72 6f 6f 66 73 20 6f 66 20 70 75 62 6c 69 63 20 6c 6f 67 67 69 6e 67 2e 20 20 4d	ary.proofs.of.public.logging...M
3f00	6f 6e 69 74 6f 72 20 64 69 73 63 6f 76 65 72 20 73 69 67 6e 65 64 00 64 69 73 74 72 69 62 75 74	onitor.discover.signed.distribut
3f20	69 6f 6e 20 6d 65 63 68 61 6e 69 73 6d 2e 20 20 53 69 67 6e 65 72 73 20 61 72 65 20 72 65 73 70	ion.mechanism...Signers.are.resp
3f40	6f 6e 73 69 62 6c 65 20 66 6f 72 20 6c 6f 67 67 69 6e 67 20 73 69 67 6e 65 64 20 63 68 65 63 6b	onsible.for.logging.signed.check
3f60	73 75 6d 73 00 56 65 72 69 66 69 65 72 73 20 69 6e 74 65 72 61 63 74 20 77 69 74 68 20 74 68 65	sums.Verifiers.interact.with.the
3f80	20 6c 6f 67 73 20 69 6e 64 69 72 65 63 74 6c 79 20 74 68 72 6f 75 67 68 20 74 68 65 69 72 20 73	.logs.indirectly.through.their.s
3fa0	69 67 6e 65 72 27 73 20 65 78 69 73 74 69 6e 67 00 00 49 74 20 61 6c 73 6f 20 6b 65 65 70 73 20	igner's.existing..It.also.keeps.
3fc0	6c 6f 67 20 6f 70 65 72 61 74 69 6f 6e 73 20 73 69 6d 70 6c 65 72 20 62 65 63 61 75 73 65 20 74	log.operations.simpler.because.t
3fe0	68 65 72 65 20 61 72 65 20 66 65 77 65 72 20 62 79 74 65 73 20 74 6f 20 6d 61 6e 61 67 65 2e 00	here.are.fewer.bytes.to.manage..
4000	61 64 00 00 8a 0d 00 00 ca 0d 00 00 00 10 00 00 09 00 00 00 00 00 00 00 b1 0f 00 00 6a 0f 00 00	ad..........................j...
4020	59 0f 00 00 04 0f 00 00 03 0f 00 00 b4 0e 00 00 66 0e 00 00 16 0e 00 00 ca 0d 00 00 bf 0d 00 00	Y...............f...............
4040	be 0d 00 00 72 0d 00 00 28 0d 00 00 de 0c 00 00 d5 0c 00 00 85 0c 00 00 81 0c 00 00 28 0c 00 00	....r...(...................(...
4060	dd 0b 00 00 dc 0b 00 00 ce 0b 00 00 80 0b 00 00 62 0b 00 00 5e 0b 00 00 32 0b 00 00 f5 0a 00 00	................b...^...2.......
4080	b4 0a 00 00 76 0a 00 00 3e 0a 00 00 fd 09 00 00 bc 09 00 00 7b 09 00 00 43 09 00 00 07 09 00 00	....v...>...........{...C.......
40a0	c7 08 00 00 8a 08 00 00 52 08 00 00 12 08 00 00 d2 07 00 00 92 07 00 00 6b 07 00 00 3f 07 00 00	........R...............k...?...
40c0	33 07 00 00 02 07 00 00 fe 06 00 00 fd 06 00 00 b1 06 00 00 63 06 00 00 15 06 00 00 c7 05 00 00	3...................c...........
40e0	7b 05 00 00 7a 05 00 00 29 05 00 00 db 04 00 00 90 04 00 00 44 04 00 00 43 04 00 00 fa 03 00 00	{...z...)...........D...C.......
4100	aa 03 00 00 5c 03 00 00 0b 03 00 00 0a 03 00 00 bd 02 00 00 6e 02 00 00 2f 02 00 00 2e 02 00 00	....\...............n.../.......
4120	18 02 00 00 c8 01 00 00 78 01 00 00 3a 01 00 00 38 01 00 00 00 00 00 00 00 64 64 69 73 74 72 69	........x...:...8........ddistri
4140	62 75 74 65 64 20 66 6f 72 6d 20 6f 66 20 74 72 75 73 74 2e 20 20 41 20 74 72 65 65 20 6c 65 61	buted.form.of.trust...A.tree.lea
4160	66 20 63 6f 6e 74 61 69 6e 73 20 66 6f 75 72 20 66 69 65 6c 64 73 3a 00 76 65 72 69 66 79 20 74	f.contains.four.fields:.verify.t
4180	68 61 74 20 74 68 69 73 20 74 72 65 65 20 69 73 20 66 72 65 73 68 20 61 6e 64 20 61 70 70 65 6e	hat.this.tree.is.fresh.and.appen
41a0	64 2d 6f 6e 6c 79 20 62 65 66 6f 72 65 20 63 6f 73 69 67 6e 69 6e 67 20 69 74 20 74 6f 20 61 63	d-only.before.cosigning.it.to.ac
41c0	68 69 65 76 65 20 61 00 41 20 73 69 67 73 75 6d 20 6c 6f 67 20 6d 61 69 6e 74 61 69 6e 73 20 61	hieve.a.A.sigsum.log.maintains.a
41e0	20 70 75 62 6c 69 63 20 61 70 70 65 6e 64 2d 6f 6e 6c 79 20 4d 65 72 6b 6c 65 20 74 72 65 65 2e	.public.append-only.Merkle.tree.
4200	20 20 49 6e 64 65 70 65 6e 64 65 6e 74 20 77 69 74 6e 65 73 73 65 73 00 23 23 23 20 33 2e 31 20	..Independent.witnesses.###.3.1.
4220	2d 20 4d 65 72 6b 6c 65 20 74 72 65 65 00 00 63 6f 73 69 67 6e 69 6e 67 20 70 72 6f 74 6f 63 6f	-.Merkle.tree..cosigning.protoco
4240	6c 2e 20 20 4d 6f 72 65 20 64 65 74 61 69 6c 20 69 73 20 70 72 6f 76 69 64 65 64 20 69 6e 20 53	l...More.detail.is.provided.in.S
4260	65 63 74 69 6f 6e 20 33 2e 32 2e 33 2e 00 61 64 64 69 74 69 6f 6e 61 6c 20 6f 75 74 62 6f 75 6e	ection.3.2.3..additional.outboun
4280	64 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 66 20 61 20 74 68 72 65 73	d.network.connections.if.a.thres
42a0	68 6f 6c 64 20 6f 66 20 77 69 74 6e 65 73 73 65 73 20 66 6f 6c 6c 6f 77 65 64 20 61 00 56 65 72	hold.of.witnesses.followed.a.Ver
42c0	69 66 69 65 72 73 20 61 6e 64 20 6d 6f 6e 69 74 6f 72 73 20 63 61 6e 20 62 65 20 63 6f 6e 76 69	ifiers.and.monitors.can.be.convi
42e0	6e 63 65 64 20 74 68 61 74 20 70 75 62 6c 69 63 20 6c 6f 67 67 69 6e 67 20 68 61 70 70 65 6e 65	nced.that.public.logging.happene
4300	64 20 77 69 74 68 6f 75 74 00 00 74 68 65 69 72 20 6b 65 79 2d 75 73 61 67 65 20 63 61 6e 20 6e	d.without..their.key-usage.can.n
4320	6f 77 20 62 65 20 76 65 72 69 66 69 65 64 20 62 65 63 61 75 73 65 20 6e 6f 20 73 69 67 6e 69 6e	ow.be.verified.because.no.signin
4340	67 20 6f 70 65 72 61 74 69 6f 6e 20 67 6f 65 73 20 75 6e 6e 6f 74 69 63 65 64 2e 00 6b 65 79 73	g.operation.goes.unnoticed..keys
4360	20 74 68 61 74 20 74 68 65 79 20 61 72 65 20 61 77 61 72 65 20 6f 66 2e 20 20 41 6e 79 20 66 61	.that.they.are.aware.of...Any.fa
4380	6c 73 69 66 69 61 62 6c 65 20 63 6c 61 69 6d 20 74 68 61 74 20 61 20 73 69 67 6e 65 72 20 6d 61	lsifiable.claim.that.a.signer.ma
43a0	6b 65 73 20 61 62 6f 75 74 00 6c 6f 67 67 69 6e 67 2e 20 20 4d 6f 6e 69 74 6f 72 73 20 6c 6f 6f	kes.about.logging...Monitors.loo
43c0	6b 20 66 6f 72 20 73 69 67 6e 65 64 20 63 68 65 63 6b 73 75 6d 73 20 61 6e 64 20 64 61 74 61 20	k.for.signed.checksums.and.data.
43e0	74 68 61 74 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 70 75 62 6c 69 63 00 56 65 72 69 66 69	that.correspond.to.public.Verifi
4400	65 72 73 20 75 73 65 20 74 68 65 20 73 69 67 6e 65 72 27 73 20 64 61 74 61 20 69 66 20 69 74 20	ers.use.the.signer's.data.if.it.
4420	69 73 20 61 63 63 6f 6d 70 61 6e 69 65 64 20 62 79 20 70 72 6f 6f 66 73 20 6f 66 20 70 75 62 6c	is.accompanied.by.proofs.of.publ
4440	69 63 00 00 6c 6f 67 67 69 6e 67 2e 20 20 41 20 73 69 67 73 75 6d 20 6c 6f 67 20 64 6f 65 73 20	ic..logging...A.sigsum.log.does.
4460	6e 6f 74 20 68 65 6c 70 20 74 68 65 20 73 69 67 6e 65 72 20 77 69 74 68 20 61 6e 79 20 64 61 74	not.help.the.signer.with.any.dat
4480	61 20 64 69 73 74 72 69 62 75 74 69 6f 6e 2e 00 74 68 65 20 73 69 67 6e 65 64 20 63 68 65 63 6b	a.distribution..the.signed.check
44a0	73 75 6d 27 73 20 64 61 74 61 20 69 73 20 72 65 61 64 79 20 66 6f 72 20 64 69 73 74 72 69 62 75	sum's.data.is.ready.for.distribu
44c0	74 69 6f 6e 20 77 69 74 68 20 70 72 6f 6f 66 73 20 6f 66 20 70 75 62 6c 69 63 00 69 6e 63 6c 75	tion.with.proofs.of.public.inclu
44e0	73 69 6f 6e 20 70 72 6f 6f 66 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 68 61 74 20 6c 65 61	sion.proof.is.available.that.lea
4500	64 73 20 75 70 20 74 6f 20 61 20 74 72 75 73 74 77 6f 72 74 68 79 20 4d 65 72 6b 6c 65 20 74 72	ds.up.to.a.trustworthy.Merkle.tr
4520	65 65 20 68 65 61 64 2c 00 54 68 65 20 73 69 67 6e 69 6e 67 20 70 61 72 74 79 20 77 61 69 74 73	ee.head,.The.signing.party.waits
4540	20 66 6f 72 20 74 68 65 69 72 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 6f 20 62 65 20 69 6e 63 6c	.for.their.submission.to.be.incl
4560	75 64 65 64 20 69 6e 20 74 68 65 20 6c 6f 67 2e 20 20 57 68 65 6e 20 61 6e 00 00 6b 65 79 20 69	uded.in.the.log...When.an..key.i
4580	73 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 44 4e 53 20 61 73 20 61 20 54 58 54 20 72 65 63	s.configured.in.DNS.as.a.TXT.rec
45a0	6f 72 64 20 74 6f 20 68 65 6c 70 20 6c 6f 67 20 6f 70 65 72 61 74 6f 72 73 20 63 6f 6d 62 61 74	ord.to.help.log.operators.combat
45c0	20 73 70 61 6d 2e 00 61 6e 64 20 61 20 68 61 73 68 20 6f 66 20 74 68 65 20 70 75 62 6c 69 63 20	.spam..and.a.hash.of.the.public.
45e0	76 65 72 69 66 69 63 61 74 69 6f 6e 20 6b 65 79 2e 20 20 41 20 68 61 73 68 20 6f 66 20 74 68 65	verification.key...A.hash.of.the
4600	20 70 75 62 6c 69 63 20 76 65 72 69 66 69 63 61 74 69 6f 6e 00 64 61 74 61 2e 20 20 4d 69 6e 69	.public.verification.data...Mini
4620	6d 61 6c 20 6d 65 74 61 64 61 74 61 20 6d 75 73 74 20 61 6c 73 6f 20 62 65 20 6c 6f 67 67 65 64	mal.metadata.must.also.be.logged
4640	2c 20 73 75 63 68 20 61 73 20 74 68 65 20 63 68 65 63 6b 73 75 6d 27 73 20 73 69 67 6e 61 74 75	,.such.as.the.checksum's.signatu
4660	72 65 00 73 74 61 74 65 6d 65 6e 74 20 74 68 61 74 20 73 69 67 73 75 6d 20 6c 6f 67 73 20 61 63	re.statement.that.sigsum.logs.ac
4680	63 65 70 74 2e 20 20 54 68 61 74 20 73 74 61 74 65 6d 65 6e 74 20 65 6e 63 6f 64 65 73 20 61 20	cept...That.statement.encodes.a.
46a0	63 68 65 63 6b 73 75 6d 20 6f 66 20 73 6f 6d 65 00 41 20 73 69 67 6e 65 72 20 77 61 6e 74 73 20	checksum.of.some.A.signer.wants.
46c0	74 6f 20 6d 61 6b 65 20 74 68 65 69 72 20 6b 65 79 2d 75 73 61 67 65 20 74 72 61 6e 73 70 61 72	to.make.their.key-usage.transpar
46e0	65 6e 74 2e 20 20 54 68 65 72 65 66 6f 72 65 2c 20 74 68 65 79 20 73 69 67 6e 20 61 00 00 60 60	ent...Therefore,.they.sign.a..``
4700	60 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 46 69 67 75 72 65 20	`........................Figure.
4720	31 3a 20 73 79 73 74 65 6d 20 6f 76 65 72 76 69 65 77 00 20 20 20 20 20 20 20 20 20 20 20 00 20	1:.system.overview..............
4740	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69	...............................i
4760	6e 76 65 73 74 69 67 61 74 65 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20	nvestigate......................
4780	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20	................v...............
47a0	20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 20 20 20 20 20 20 20 20 7c 20 63 6c 61 69 6d 20 20	.+---------+...........|.claim..
47c0	20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20	.....+----------+...............
47e0	20 7c 20 77 69 74 6e 65 73 73 20 7c 20 20 20 20 20 20 20 20 20 20 20 7c 20 66 61 6c 73 65 20 20	.|.witness.|...........|.false..
4800	20 20 20 20 20 7c 20 56 65 72 69 66 69 65 72 20 7c 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20	.....|.Verifier.|...............
4820	20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 20 20 20 20 20 20	.+---------+...........|........
4840	20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20	.....+----------+...............
4860	20 20 20 76 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20	...v..............+---------+...
4880	20 20 20 20 20 20 20 20 76 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 2b 2d	........v..................|..+-
48a0	2d 2d 2d 2d 2d 2d 2d 2d 2d 3e 7c 20 4d 6f 6e 69 74 6f 72 20 7c 3c 2d 2d 2d 2d 2d 2d 2d 2b 20 20	--------->|.Monitor.|<-------+..
48c0	7c 70 72 6f 6f 66 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 20 70 72 6f	|proof..................|..|.pro
48e0	6f 66 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 64 61 74 61 20 7c 20 20 7c 6d 65	of.....+---------+...data.|..|me
4900	74 61 64 61 74 61 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 20 6d 65 74	tadata..................|..|.met
4920	61 64 61 74 61 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 64 61	adata.....................|..|da
4940	74 61 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5e 20 20 7c 20 63 68 65 63 6b 73 75	ta..................^..|.checksu
4960	6d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 00 20 20 2b 2d 2d	m.....................|..|...+--
4980	2d 2d 2d 2b 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 20 20 20 20 20 20 20	---+.......+---------+..........
49a0	20 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20 20 7c 20	...........+--------------+...|.
49c0	44 4e 53 20 7c 2d 2d 2d 2d 2d 2d 3e 7c 20 20 20 4c 6f 67 20 20 20 7c 2d 2d 2d 2d 2d 2d 2d 2d 2d	DNS.|------>|...Log...|---------
49e0	2d 2b 20 20 20 20 20 20 20 20 20 20 7c 20 44 69 73 74 72 69 62 75 74 69 6f 6e 20 7c 00 20 20 2b	-+..........|.Distribution.|...+
4a00	2d 2d 2d 2d 2d 2b 20 48 28 76 6b 29 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 70 72 6f 6f 66	-----+.H(vk).+---------+...proof
4a20	20 20 7c 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20 20	..|..........+--------------+...
4a40	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 20 20 20 20 20 20 20 20 20 20 20 20 20	..................v.............
4a60	20 20 20 7c 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 00 20 20 20 20 20 20 20 20 20 20	...|................v...........
4a80	20 20 20 20 20 20 20 20 20 20 7c 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5e 20 20 20 20	..........|................^....
4aa0	20 20 20 20 20 20 20 20 20 20 20 20 7c 20 70 72 6f 6f 66 00 20 20 20 20 20 20 20 20 20 20 20 6d	............|.proof............m
4ac0	65 74 61 64 61 74 61 20 7c 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20	etadata.|..........+----------+.
4ae0	20 20 20 20 20 20 20 20 20 20 7c 20 6d 65 74 61 64 61 74 61 00 20 20 20 20 20 20 20 20 20 20 20	..........|.metadata............
4b00	63 68 65 63 6b 73 75 6d 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 7c 20 20 53 69 67 6e 65 72 20 20 7c	checksum.+----------|..Signer..|
4b20	2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 64 61 74 61 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20	-----------+.data...............
4b40	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 60 60	.................+----------+.``
4b60	60 00 77 65 20 67 69 76 65 20 61 20 62 72 69 65 66 20 70 72 69 6d 65 72 20 62 65 6c 6f 77 2e 00	`.we.give.a.brief.primer.below..
4b80	41 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 20 69 73	An.overview.of.sigsum.logging.is
4ba0	20 73 68 6f 77 6e 20 69 6e 20 46 69 67 75 72 65 20 31 2e 20 20 42 65 66 6f 72 65 20 67 6f 69 6e	.shown.in.Figure.1...Before.goin
4bc0	67 20 69 6e 74 6f 20 64 65 74 61 69 6c 00 23 23 20 33 20 2d 20 44 65 73 69 67 6e 00 00 61 74 74	g.into.detail.##.3.-.Design..att
4be0	61 63 6b 73 2e 20 20 20 41 20 6c 6f 67 20 6f 70 65 72 61 74 6f 72 20 63 61 6e 20 61 74 20 62 65	acks....A.log.operator.can.at.be
4c00	73 74 20 64 65 6e 79 20 73 65 72 76 69 63 65 20 77 69 74 68 20 74 68 65 73 65 20 61 73 73 75 6d	st.deny.service.with.these.assum
4c20	70 74 69 6f 6e 73 2e 00 09 5b 73 6c 6f 77 2d 64 6f 77 6e 5d 28 68 74 74 70 73 3a 2f 2f 67 69 74	ptions...[slow-down](https://git
4c40	2e 73 69 67 73 75 6d 2e 6f 72 67 2f 73 69 67 73 75 6d 2f 74 72 65 65 2f 61 72 63 68 69 76 65 2f	.sigsum.org/sigsum/tree/archive/
4c60	32 30 32 31 2d 30 38 2d 32 34 2d 63 68 65 63 6b 70 6f 69 6e 74 2d 74 69 6d 65 73 74 61 6d 70 29	2021-08-24-checkpoint-timestamp)
4c80	00 61 6e 64 00 09 5b 73 70 6c 69 74 2d 76 69 65 77 5d 28 68 74 74 70 73 3a 2f 2f 64 61 74 61 74	.and..[split-view](https://datat
4ca0	72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f 64 72 61 66 74 2d 69	racker.ietf.org/doc/html/draft-i
4cc0	65 74 66 2d 74 72 61 6e 73 2d 67 6f 73 73 69 70 2d 30 35 29 00 61 74 74 65 6d 70 74 73 00 77 69	etf-trans-gossip-05).attempts.wi
4ce0	74 6e 65 73 73 65 73 20 73 74 6f 70 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c 20	tnesses.stop.following.protocol.
4d00	74 6f 20 70 72 6f 74 65 63 74 20 61 67 61 69 6e 73 74 20 61 20 6d 61 6c 69 63 69 6f 75 73 20 6c	to.protect.against.a.malicious.l
4d20	6f 67 20 74 68 61 74 00 73 69 67 6e 61 74 75 72 65 20 73 63 68 65 6d 65 2e 20 20 57 65 20 61 6c	og.that.signature.scheme...We.al
4d40	73 6f 20 61 73 73 75 6d 65 20 74 68 61 74 20 61 74 20 6d 6f 73 74 20 61 20 74 68 72 65 73 68 6f	so.assume.that.at.most.a.thresho
4d60	6c 64 20 6f 66 20 69 6e 64 65 70 65 6e 64 65 6e 74 00 46 6f 72 20 73 65 63 75 48 6f 77 48 6f 77	ld.of.independent.For.secuHowHow
4d80	65 76 65 72 2c 20 61 20 6c 6f 67 20 6f 70 65 72 61 74 6f 72 20 77 6f 75 6c 64 20 6f 6e 6c 79 20	ever,.a.log.operator.would.only.
4da0	64 6f 20 74 68 61 74 20 69 66 20 69 74 20 69 73 20 6c 69 6b 65 6c 79 20 74 6f 20 67 6f 20 75 6e	do.that.if.it.is.likely.to.go.un
4dc0	6e 6f 74 69 63 65 64 2e 00 74 48 6f 77 65 76 65 72 2c 20 61 20 6c 6f 67 20 6f 70 65 72 61 74 6f	noticed..tHowever,.a.log.operato
4de0	72 20 77 6f 75 6c 64 20 6f 6e 6c 79 20 64 6f 20 74 68 61 74 20 69 66 20 69 74 20 69 73 20 6c 69	r.would.only.do.that.if.it.is.li
4e00	6b 65 6c 79 20 74 6f 20 67 6f 20 75 6e 6e 6f 74 69 63 65 64 2e 00 74 68 65 20 73 61 6d 65 20 61	kely.to.go.unnoticed..the.same.a
4e20	70 70 65 6e 64 2d 6f 6e 6c 79 20 4d 65 72 6b 6c 65 20 74 72 65 65 20 74 6f 20 65 76 65 72 79 6f	ppend-only.Merkle.tree.to.everyo
4e40	6e 65 20 62 65 63 61 75 73 65 20 69 74 20 69 73 20 61 74 74 61 63 6b 65 72 2d 63 6f 6e 74 72 6f	ne.because.it.is.attacker-contro
4e60	6c 6c 65 64 2e 00 63 68 65 63 6b 73 75 6d 20 74 68 61 74 20 61 20 76 65 72 69 66 69 65 72 20 77	lled..checksum.that.a.verifier.w
4e80	6f 75 6c 64 20 61 63 63 65 70 74 2e 20 20 41 20 6c 6f 67 20 63 61 6e 20 6d 69 73 62 65 68 61 76	ould.accept...A.log.can.misbehav
4ea0	65 20 62 79 20 6e 6f 74 20 70 72 65 73 65 6e 74 69 6e 67 00 54 68 65 20 6f 76 65 72 61 6c 6c 20	e.by.not.presenting.The.overall.
4ec0	73 79 73 74 65 6d 20 69 73 20 73 61 69 64 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 69 66 20 61	system.is.said.to.be.secure.if.a
4ee0	20 6d 6f 6e 69 74 6f 72 20 63 61 6e 20 64 69 73 63 6f 76 65 72 20 65 76 65 72 79 20 73 69 67 6e	.monitor.can.discover.every.sign
4f00	65 64 00 00 09 5b 5c 5b 44 69 67 69 43 65 72 74 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 67 72 6f 75	ed...[\[DigiCert\]](https://grou
4f20	70 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 2f 63 68 72 6f 6d 69 75 6d 2e 6f 72 67 2f 67 2f 63	ps.google.com/a/chromium.org/g/c
4f40	74 2d 70 6f 6c 69 63 79 2f 63 2f 61 4b 4e 62 5a 75 4a 7a 77 66 4d 29 2e 00 54 72 61 6e 73 70 61	t-policy/c/aKNbZuJzwfM)..Transpa
4f60	72 65 6e 63 79 20 4c 6f 67 00 62 65 65 6e 20 74 68 65 20 63 61 73 65 20 77 68 65 6e 20 61 20 72	rency.Log.been.the.case.when.a.r
4f80	65 6d 6f 74 65 20 63 6f 64 65 20 65 78 65 63 75 74 69 6f 6e 20 77 61 73 20 66 6f 75 6e 64 20 66	emote.code.execution.was.found.f
4fa0	6f 72 20 61 20 43 65 72 74 69 66 69 63 61 74 65 00 64 69 73 74 72 69 62 75 74 65 20 69 74 20 74	or.a.Certificate.distribute.it.t
4fc0	6f 20 61 20 73 75 62 73 65 74 20 6f 66 20 69 73 6f 6c 61 74 65 64 20 76 65 72 69 66 69 65 72 73	o.a.subset.of.isolated.verifiers
4fe0	2e 20 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 68 69 73 20 63 6f 75 6c 64 20 68 61 76 65 00	...For.example,.this.could.have.
5000	61 64 00 00 6f 02 00 00 7b 03 00 00 00 10 00 00 3c 00 00 00 00 00 00 00 ff 0f 00 00 b3 0f 00 00	ad..o...{.......<...............
5020	69 0f 00 00 1f 0f 00 00 16 0f 00 00 c6 0e 00 00 c2 0e 00 00 69 0e 00 00 1e 0e 00 00 1d 0e 00 00	i...................i...........
5040	0f 0e 00 00 c1 0d 00 00 a3 0d 00 00 9f 0d 00 00 73 0d 00 00 36 0d 00 00 f5 0c 00 00 b7 0c 00 00	................s...6...........
5060	7f 0c 00 00 3e 0c 00 00 fd 0b 00 00 bc 0b 00 00 84 0b 00 00 48 0b 00 00 08 0b 00 00 cb 0a 00 00	....>...............H...........
5080	93 0a 00 00 53 0a 00 00 13 0a 00 00 d3 09 00 00 ac 09 00 00 80 09 00 00 74 09 00 00 43 09 00 00	....S...................t...C...
50a0	3f 09 00 00 3e 09 00 00 f2 08 00 00 a4 08 00 00 56 08 00 00 08 08 00 00 bc 07 00 00 bb 07 00 00	?...>...........V...............
50c0	6a 07 00 00 1c 07 00 00 d1 06 00 00 85 06 00 00 84 06 00 00 3b 06 00 00 eb 05 00 00 9d 05 00 00	j...................;...........
50e0	4c 05 00 00 4b 05 00 00 fe 04 00 00 af 04 00 00 70 04 00 00 6f 04 00 00 59 04 00 00 09 04 00 00	L...K...........p...o...Y.......
5100	b9 03 00 00 7b 03 00 00 70 03 00 00 25 03 00 00 e3 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00	....{...p...%...................
5120	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5140	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5160	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5180	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
51a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
51c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
51e0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5200	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5220	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5240	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5260	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
5280	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
52a0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	................................
52c0	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 69 73 64 69 73 74 72 69 62 75	.....................disdistribu
52e0	64 69 73 64 69 73 74 72 69 62 75 74 65 64 20 66 6f 72 6d 20 6f 66 20 74 72 75 73 74 2e 20 20 41	disdistributed.form.of.trust...A
5300	20 74 72 65 65 20 6c 65 61 66 20 63 6f 6e 74 61 69 6e 73 20 66 6f 75 72 20 66 69 65 6c 64 73 3a	.tree.leaf.contains.four.fields:
5320	00 76 65 72 69 64 69 73 74 72 69 62 75 74 65 64 20 66 6f 72 6d 20 6f 66 20 74 72 75 73 74 2e 20	.veridistributed.form.of.trust..
5340	20 41 20 74 72 65 65 20 6c 65 61 66 20 63 6f 6e 74 61 69 6e 73 20 66 6f 75 72 20 66 69 65 6c 64	.A.tree.leaf.contains.four.field
5360	73 3a 00 76 65 72 69 66 79 20 74 68 61 74 20 74 64 69 73 74 72 69 62 75 74 65 64 64 69 73 74 72	s:.verify.that.tdistributeddistr
5380	69 62 75 74 65 64 20 66 6f 72 6d 20 6f 66 20 74 72 75 73 74 2e 20 20 41 20 74 72 65 65 20 6c 65	ibuted.form.of.trust...A.tree.le
53a0	61 66 20 63 6f 6e 74 61 69 6e 73 20 66 6f 75 72 20 66 69 65 6c 64 73 3a 00 76 65 72 69 66 79 20	af.contains.four.fields:.verify.
53c0	74 68 61 74 20 74 68 69 73 20 74 72 65 65 20 69 73 20 66 72 65 73 68 20 61 6e 64 20 61 70 70 65	that.this.tree.is.fresh.and.appe
53e0	6e 64 2d 6f 6e 6c 79 20 62 65 66 6f 72 65 20 63 6f 73 69 67 6e 69 6e 67 20 69 74 20 74 6f 20 61	nd-only.before.cosigning.it.to.a
5400	63 68 69 65 76 65 20 61 00 41 20 73 69 67 73 75 6d 20 6c 6f 67 20 6d 61 69 6e 74 61 69 6e 73 20	chieve.a.A.sigsum.log.maintains.
5420	61 20 70 75 62 6c 69 63 20 61 70 70 65 6e 64 2d 6f 6e 6c 79 20 4d 65 72 6b 6c 65 20 74 72 65 65	a.public.append-only.Merkle.tree
5440	2e 20 20 49 6e 64 65 70 65 6e 64 65 6e 74 20 77 69 74 6e 65 73 73 65 73 00 23 23 23 20 33 2e 31	...Independent.witnesses.###.3.1
5460	20 2d 20 4d 65 72 6b 6c 65 20 74 72 65 65 00 00 63 6f 73 69 67 6e 69 6e 67 20 70 72 6f 74 6f 63	.-.Merkle.tree..cosigning.protoc
5480	6f 6c 2e 20 20 4d 6f 72 65 20 64 65 74 61 69 6c 20 69 73 20 70 72 6f 76 69 64 65 64 20 69 6e 20	ol...More.detail.is.provided.in.
54a0	53 65 63 74 69 6f 6e 20 33 2e 32 2e 33 2e 00 61 64 64 69 74 69 6f 6e 61 6c 20 6f 75 74 62 6f 75	Section.3.2.3..additional.outbou
54c0	6e 64 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 69 66 20 61 20 74 68 72 65	nd.network.connections.if.a.thre
54e0	73 68 6f 6c 64 20 6f 66 20 77 69 74 6e 65 73 73 65 73 20 66 6f 6c 6c 6f 77 65 64 20 61 00 56 65	shold.of.witnesses.followed.a.Ve
5500	72 69 66 69 65 72 73 20 61 6e 64 20 6d 6f 6e 69 74 6f 72 73 20 63 61 6e 20 62 65 20 63 6f 6e 76	rifiers.and.monitors.can.be.conv
5520	69 6e 63 65 64 20 74 68 61 74 20 70 75 62 6c 69 63 20 6c 6f 67 67 69 6e 67 20 68 61 70 70 65 6e	inced.that.public.logging.happen
5540	65 64 20 77 69 74 68 6f 75 74 00 00 74 68 65 69 72 20 6b 65 79 2d 75 73 61 67 65 20 63 61 6e 20	ed.without..their.key-usage.can.
5560	6e 6f 77 20 62 65 20 76 65 72 69 66 69 65 64 20 62 65 63 61 75 73 65 20 6e 6f 20 73 69 67 6e 69	now.be.verified.because.no.signi
5580	6e 67 20 6f 70 65 72 61 74 69 6f 6e 20 67 6f 65 73 20 75 6e 6e 6f 74 69 63 65 64 2e 00 6b 65 79	ng.operation.goes.unnoticed..key
55a0	73 20 74 68 61 74 20 74 68 65 79 20 61 72 65 20 61 77 61 72 65 20 6f 66 2e 20 20 41 6e 79 20 66	s.that.they.are.aware.of...Any.f
55c0	61 6c 73 69 66 69 61 62 6c 65 20 63 6c 61 69 6d 20 74 68 61 74 20 61 20 73 69 67 6e 65 72 20 6d	alsifiable.claim.that.a.signer.m
55e0	61 6b 65 73 20 61 62 6f 75 74 00 6c 6f 67 67 69 6e 67 2e 20 20 4d 6f 6e 69 74 6f 72 73 20 6c 6f	akes.about.logging...Monitors.lo
5600	6f 6b 20 66 6f 72 20 73 69 67 6e 65 64 20 63 68 65 63 6b 73 75 6d 73 20 61 6e 64 20 64 61 74 61	ok.for.signed.checksums.and.data
5620	20 74 68 61 74 20 63 6f 72 72 65 73 70 6f 6e 64 20 74 6f 20 70 75 62 6c 69 63 00 56 65 72 69 66	.that.correspond.to.public.Verif
5640	69 65 72 73 20 75 73 65 20 74 68 65 20 73 69 67 6e 65 72 27 73 20 64 61 74 61 20 69 66 20 69 74	iers.use.the.signer's.data.if.it
5660	20 69 73 20 61 63 63 6f 6d 70 61 6e 69 65 64 20 62 79 20 70 72 6f 6f 66 73 20 6f 66 20 70 75 62	.is.accompanied.by.proofs.of.pub
5680	6c 69 63 00 00 6c 6f 67 67 69 6e 67 2e 20 20 41 20 73 69 67 73 75 6d 20 6c 6f 67 20 64 6f 65 73	lic..logging...A.sigsum.log.does
56a0	20 6e 6f 74 20 68 65 6c 70 20 74 68 65 20 73 69 67 6e 65 72 20 77 69 74 68 20 61 6e 79 20 64 61	.not.help.the.signer.with.any.da
56c0	74 61 20 64 69 73 74 72 69 62 75 74 69 6f 6e 2e 00 74 68 65 20 73 69 67 6e 65 64 20 63 68 65 63	ta.distribution..the.signed.chec
56e0	6b 73 75 6d 27 73 20 64 61 74 61 20 69 73 20 72 65 61 64 79 20 66 6f 72 20 64 69 73 74 72 69 62	ksum's.data.is.ready.for.distrib
5700	75 74 69 6f 6e 20 77 69 74 68 20 70 72 6f 6f 66 73 20 6f 66 20 70 75 62 6c 69 63 00 69 6e 63 6c	ution.with.proofs.of.public.incl
5720	75 73 69 6f 6e 20 70 72 6f 6f 66 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 68 61 74 20 6c 65	usion.proof.is.available.that.le
5740	61 64 73 20 75 70 20 74 6f 20 61 20 74 72 75 73 74 77 6f 72 74 68 79 20 4d 65 72 6b 6c 65 20 74	ads.up.to.a.trustworthy.Merkle.t
5760	72 65 65 20 68 65 61 64 2c 00 54 68 65 20 73 69 67 6e 69 6e 67 20 70 61 72 74 79 20 77 61 69 74	ree.head,.The.signing.party.wait
5780	73 20 66 6f 72 20 74 68 65 69 72 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 6f 20 62 65 20 69 6e 63	s.for.their.submission.to.be.inc
57a0	6c 75 64 65 64 20 69 6e 20 74 68 65 20 6c 6f 67 2e 20 20 57 68 65 6e 20 61 6e 00 00 6b 65 79 20	luded.in.the.log...When.an..key.
57c0	69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 69 6e 20 44 4e 53 20 61 73 20 61 20 54 58 54 20 72 65	is.configured.in.DNS.as.a.TXT.re
57e0	63 6f 72 64 20 74 6f 20 68 65 6c 70 20 6c 6f 67 20 6f 70 65 72 61 74 6f 72 73 20 63 6f 6d 62 61	cord.to.help.log.operators.comba
5800	74 20 73 70 61 6d 2e 00 61 6e 64 20 61 20 68 61 73 68 20 6f 66 20 74 68 65 20 70 75 62 6c 69 63	t.spam..and.a.hash.of.the.public
5820	20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6b 65 79 2e 20 20 41 20 68 61 73 68 20 6f 66 20 74 68	.verification.key...A.hash.of.th
5840	65 20 70 75 62 6c 69 63 20 76 65 72 69 66 69 63 61 74 69 6f 6e 00 64 61 74 61 2e 20 20 4d 69 6e	e.public.verification.data...Min
5860	69 6d 61 6c 20 6d 65 74 61 64 61 74 61 20 6d 75 73 74 20 61 6c 73 6f 20 62 65 20 6c 6f 67 67 65	imal.metadata.must.also.be.logge
5880	64 2c 20 73 75 63 68 20 61 73 20 74 68 65 20 63 68 65 63 6b 73 75 6d 27 73 20 73 69 67 6e 61 74	d,.such.as.the.checksum's.signat
58a0	75 72 65 00 73 74 61 74 65 6d 65 6e 74 20 74 68 61 74 20 73 69 67 73 75 6d 20 6c 6f 67 73 20 61	ure.statement.that.sigsum.logs.a
58c0	63 63 65 70 74 2e 20 20 54 68 61 74 20 73 74 61 74 65 6d 65 6e 74 20 65 6e 63 6f 64 65 73 20 61	ccept...That.statement.encodes.a
58e0	20 63 68 65 63 6b 73 75 6d 20 6f 66 20 73 6f 6d 65 00 41 20 73 69 67 6e 65 72 20 77 61 6e 74 73	.checksum.of.some.A.signer.wants
5900	20 74 6f 20 6d 61 6b 65 20 74 68 65 69 72 20 6b 65 79 2d 75 73 61 67 65 20 74 72 61 6e 73 70 61	.to.make.their.key-usage.transpa
5920	72 65 6e 74 2e 20 20 54 68 65 72 65 66 6f 72 65 2c 20 74 68 65 79 20 73 69 67 6e 20 61 00 00 60	rent...Therefore,.they.sign.a..`
5940	60 60 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 46 69 67 75 72 65	``........................Figure
5960	20 31 3a 20 73 79 73 74 65 6d 20 6f 76 65 72 76 69 65 77 00 20 20 20 20 20 20 20 20 20 20 20 00	.1:.system.overview.............
5980	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20	................................
59a0	69 6e 76 65 73 74 69 67 61 74 65 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20	investigate.....................
59c0	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 00 20 20 20 20 20 20 20 20 20 20 20 20 20	.................v..............
59e0	20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 20 20 20 20 20 20 20 20 7c 20 63 6c 61 69 6d 20	..+---------+...........|.claim.
5a00	20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20 20 20 20 20 20 20 20 20 20 20 20 20	......+----------+..............
5a20	20 20 7c 20 77 69 74 6e 65 73 73 20 7c 20 20 20 20 20 20 20 20 20 20 20 7c 20 66 61 6c 73 65 20	..|.witness.|...........|.false.
5a40	20 20 20 20 20 20 7c 20 56 65 72 69 66 69 65 72 20 7c 00 20 20 20 20 20 20 20 20 20 20 20 20 20	......|.Verifier.|..............
5a60	20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 20 20 20 20 20	..+---------+...........|.......
5a80	20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20 20 20 20 20 20 20 20 20 20 20 20 20	......+----------+..............
5aa0	20 20 20 20 76 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20	....v..............+---------+..
5ac0	20 20 20 20 20 20 20 20 20 76 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 2b	.........v..................|..+
5ae0	2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 3e 7c 20 4d 6f 6e 69 74 6f 72 20 7c 3c 2d 2d 2d 2d 2d 2d 2d 2b 20	---------->|.Monitor.|<-------+.
5b00	20 7c 70 72 6f 6f 66 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 20 70 72	.|proof..................|..|.pr
5b20	6f 6f 66 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 64 61 74 61 20 7c 20 20 7c 6d	oof.....+---------+...data.|..|m
5b40	65 74 61 64 61 74 61 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 20 6d 65	etadata..................|..|.me
5b60	74 61 64 61 74 61 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 64	tadata.....................|..|d
5b80	61 74 61 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5e 20 20 7c 20 63 68 65 63 6b 73	ata..................^..|.checks
5ba0	75 6d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 20 7c 00 20 20 2b 2d	um.....................|..|...+-
5bc0	2d 2d 2d 2d 2b 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 20 20 20 20 20 20	----+.......+---------+.........
5be0	20 20 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20 20 7c	............+--------------+...|
5c00	20 44 4e 53 20 7c 2d 2d 2d 2d 2d 2d 3e 7c 20 20 20 4c 6f 67 20 20 20 7c 2d 2d 2d 2d 2d 2d 2d 2d	.DNS.|------>|...Log...|--------
5c20	2d 2d 2b 20 20 20 20 20 20 20 20 20 20 7c 20 44 69 73 74 72 69 62 75 74 69 6f 6e 20 7c 00 20 20	--+..........|.Distribution.|...
5c40	2b 2d 2d 2d 2d 2d 2b 20 48 28 76 6b 29 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 20 20 70 72 6f 6f	+-----+.H(vk).+---------+...proo
5c60	66 20 20 7c 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 20	f..|..........+--------------+..
5c80	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 20 20 20 20 20 20 20 20 20 20 20 20	...................v............
5ca0	20 20 20 20 7c 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 00 20 20 20 20 20 20 20 20 20	....|................v..........
5cc0	20 20 20 20 20 20 20 20 20 20 20 7c 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5e 20 20 20	...........|................^...
5ce0	20 20 20 20 20 20 20 20 20 20 20 20 20 7c 20 70 72 6f 6f 66 00 20 20 20 20 20 20 20 20 20 20 20	.............|.proof............
5d00	6d 65 74 61 64 61 74 61 20 7c 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b	metadata.|..........+----------+
5d20	20 20 20 20 20 20 20 20 20 20 20 7c 20 6d 65 74 61 64 61 74 61 00 20 20 20 20 20 20 20 20 20 20	...........|.metadata...........
5d40	20 63 68 65 63 6b 73 75 6d 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 7c 20 20 53 69 67 6e 65 72 20 20	.checksum.+----------|..Signer..
5d60	7c 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 20 64 61 74 61 00 20 20 20 20 20 20 20 20 20 20 20 20 20	|-----------+.data..............
5d80	20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2b 00 60	..................+----------+.`
5da0	60 60 00 77 65 20 67 69 76 65 20 61 20 62 72 69 65 66 20 70 72 69 6d 65 72 20 62 65 6c 6f 77 2e	``.we.give.a.brief.primer.below.
5dc0	00 41 6e 20 6f 76 65 72 76 69 65 77 20 6f 66 20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 20 69	.An.overview.of.sigsum.logging.i
5de0	73 20 73 68 6f 77 6e 20 69 6e 20 46 69 67 75 72 65 20 31 2e 20 20 42 65 66 6f 72 65 20 67 6f 69	s.shown.in.Figure.1...Before.goi
5e00	6e 67 20 69 6e 74 6f 20 64 65 74 61 69 6c 00 23 23 20 33 20 2d 20 44 65 73 69 67 6e 00 00 61 74	ng.into.detail.##.3.-.Design..at
5e20	74 61 63 6b 73 2e 20 20 20 41 20 6c 6f 67 20 6f 70 65 72 61 74 6f 72 20 63 61 6e 20 61 74 20 62	tacks....A.log.operator.can.at.b
5e40	65 73 74 20 64 65 6e 79 20 73 65 72 76 69 63 65 20 77 69 74 68 20 74 68 65 73 65 20 61 73 73 75	est.deny.service.with.these.assu
5e60	6d 70 74 69 6f 6e 73 2e 00 09 5b 73 6c 6f 77 2d 64 6f 77 6e 5d 28 68 74 74 70 73 3a 2f 2f 67 69	mptions...[slow-down](https://gi
5e80	74 2e 73 69 67 73 75 6d 2e 6f 72 67 2f 73 69 67 73 75 6d 2f 74 72 65 65 2f 61 72 63 68 69 76 65	t.sigsum.org/sigsum/tree/archive
5ea0	2f 32 30 32 31 2d 30 38 2d 32 34 2d 63 68 65 63 6b 70 6f 69 6e 74 2d 74 69 6d 65 73 74 61 6d 70	/2021-08-24-checkpoint-timestamp
5ec0	29 00 61 6e 64 00 09 5b 73 70 6c 69 74 2d 76 69 65 77 5d 28 68 74 74 70 73 3a 2f 2f 64 61 74 61	).and..[split-view](https://data
5ee0	74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f 64 72 61 66 74 2d	tracker.ietf.org/doc/html/draft-
5f00	69 65 74 66 2d 74 72 61 6e 73 2d 67 6f 73 73 69 70 2d 30 35 29 00 61 74 74 65 6d 70 74 73 00 77	ietf-trans-gossip-05).attempts.w
5f20	69 74 6e 65 73 73 65 73 20 73 74 6f 70 20 66 6f 6c 6c 6f 77 69 6e 67 20 70 72 6f 74 6f 63 6f 6c	itnesses.stop.following.protocol
5f40	20 74 6f 20 70 72 6f 74 65 63 74 20 61 67 61 69 6e 73 74 20 61 20 6d 61 6c 69 63 69 6f 75 73 20	.to.protect.against.a.malicious.
5f60	6c 6f 67 20 74 68 61 74 00 73 69 67 6e 61 74 75 72 65 20 73 63 68 65 6d 65 2e 20 20 57 65 20 61	log.that.signature.scheme...We.a
5f80	6c 73 6f 20 61 73 73 75 6d 65 20 74 68 61 74 20 61 74 20 6d 6f 73 74 20 61 20 74 68 72 65 73 68	lso.assume.that.at.most.a.thresh
5fa0	6f 6c 64 20 6f 66 20 69 6e 64 65 70 65 6e 64 65 6e 74 00 46 6f 72 20 73 65 63 75 72 69 74 79 20	old.of.independent.For.security.
5fc0	77 65 20 6e 65 65 64 20 61 20 63 6f 6c 6c 69 73 69 6f 6e 20 72 65 73 69 73 74 61 6e 74 20 68 61	we.need.a.collision.resistant.ha
5fe0	73 68 20 66 75 6e 63 74 69 6f 6e 20 61 6e 64 20 61 6e 20 75 6e 66 6f 72 67 65 61 62 6c 65 00 00	sh.function.and.an.unforgeable..
6000	61 64 00 00 1a 00 00 00 1a 01 00 00 00 10 00 00 39 00 00 00 00 00 00 00 ff 0f 00 00 b0 0f 00 00	ad..............9...............
6020	62 0f 00 00 21 0f 00 00 da 0e 00 00 8f 0e 00 00 8e 0e 00 00 75 0e 00 00 25 0e 00 00 de 0d 00 00	b...!...............u...%.......
6040	90 0d 00 00 40 0d 00 00 ef 0c 00 00 9f 0c 00 00 4c 0c 00 00 fe 0b 00 00 ae 0b 00 00 5e 0b 00 00	....@...........L...........^...
6060	10 0b 00 00 c4 0a 00 00 7b 0a 00 00 2b 0a 00 00 db 09 00 00 8e 09 00 00 3f 09 00 00 f1 08 00 00	........{...+...........?.......
6080	a5 08 00 00 71 08 00 00 1d 08 00 00 cf 07 00 00 81 07 00 00 4d 07 00 00 03 07 00 00 bd 06 00 00	....q...............M...........
60a0	6f 06 00 00 18 06 00 00 cb 05 00 00 81 05 00 00 31 05 00 00 f3 04 00 00 f2 04 00 00 e0 04 00 00	o...............1...............
60c0	91 04 00 00 46 04 00 00 45 04 00 00 31 04 00 00 e3 03 00 00 94 03 00 00 47 03 00 00 f6 02 00 00	....F...E...1...........G.......
60e0	a0 02 00 00 5b 02 00 00 28 02 00 00 b3 01 00 00 b2 01 00 00 62 01 00 00 1a 01 00 00 19 01 00 00	....[...(...........b...........
6100	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 68 69 73 20 63	..........................This.c
6120	6f 76 65 72 73 20 61 20 77 65 61 6b 65 72 20 66 6f 72 6d 20 6f 66 20 61 74 74 61 63 6b 65 72 20	overs.a.weaker.form.of.attacker.
6140	74 68 61 74 20 69 73 20 61 62 6c 65 20 74 6f 20 73 69 67 6e 20 6c 6f 67 20 64 61 74 61 20 61 6e	that.is.able.to.sign.log.data.an
6160	64 00 54 68 65 20 61 74 74 61 63 6b 65 72 20 63 61 6e 20 61 6c 73 6f 20 67 61 69 6e 20 63 6f 6e	d.The.attacker.can.also.gain.con
6180	74 72 6f 6c 20 6f 66 20 74 68 65 20 6c 6f 67 27 73 20 73 69 67 6e 69 6e 67 20 6b 65 79 20 61 6e	trol.of.the.log's.signing.key.an
61a0	64 20 69 6e 66 72 61 73 74 72 75 63 74 75 72 65 2e 00 00 09 5b 5c 5b 53 6f 6c 61 72 57 69 6e 64	d.infrastructure....[\[SolarWind
61c0	73 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 7a 64 6e 65 74 2e 63 6f 6d 2f 61 72 74 69 63	s\]](https://www.zdnet.com/artic
61e0	6c 65 2f 74 68 69 72 64 2d 6d 61 6c 77 61 72 65 2d 73 74 72 61 69 6e 2d 64 69 73 63 6f 76 65 72	le/third-malware-strain-discover
6200	65 64 2d 69 6e 2d 73 6f 6c 61 72 77 69 6e 64 73 2d 73 75 70 70 6c 79 2d 63 68 61 69 6e 2d 61 74	ed-in-solarwinds-supply-chain-at
6220	74 61 63 6b 2f 29 2e 00 63 6f 6d 70 72 6f 6d 69 73 65 64 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62	tack/)..compromised.should.not.b
6240	65 20 63 6f 6e 74 72 6f 76 65 72 73 69 61 6c 20 74 68 65 73 65 20 64 61 79 73 00 54 68 65 20 66	e.controversial.these.days.The.f
6260	61 63 74 20 74 68 61 74 20 73 69 67 6e 69 6e 67 20 6b 65 79 73 20 61 6e 64 20 72 65 6c 61 74 65	act.that.signing.keys.and.relate
6280	64 20 69 6e 66 72 61 73 74 72 75 63 74 75 72 65 20 63 6f 6d 70 6f 6e 65 6e 74 73 20 67 65 74 00	d.infrastructure.components.get.
62a0	09 5b 5c 5b 46 42 49 2d 41 70 70 6c 65 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 66 66	.[\[FBI-Apple\]](https://www.eff
62c0	2e 6f 72 67 2f 63 61 73 65 73 2f 61 70 70 6c 65 2d 63 68 61 6c 6c 65 6e 67 65 73 2d 66 62 69 2d	.org/cases/apple-challenges-fbi-
62e0	61 6c 6c 2d 77 72 69 74 73 2d 61 63 74 2d 6f 72 64 65 72 29 2e 00 74 68 69 73 20 69 73 20 65 73	all-writs-act-order)..this.is.es
6300	73 65 6e 74 69 61 6c 6c 79 20 77 68 61 74 20 74 68 65 20 46 42 49 20 72 65 71 75 65 73 74 65 64	sentially.what.the.FBI.requested
6320	20 66 72 6f 6d 20 41 70 70 6c 65 20 69 6e 20 74 68 65 20 53 61 6e 20 42 65 72 6e 61 72 64 69 6e	.from.Apple.in.the.San.Bernardin
6340	6f 20 63 61 73 65 00 73 69 67 6e 20 64 61 74 61 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20	o.case.sign.data.and.distribute.
6360	69 74 20 74 6f 20 61 20 73 75 62 73 65 74 20 6f 66 20 69 73 6f 6c 61 74 65 64 20 76 65 72 69 66	it.to.a.subset.of.isolated.verif
6380	69 65 72 73 2e 20 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 00 72 65 6c 65 61 73 65 20 69 6e 66 72	iers...For.example,.release.infr
63a0	61 73 74 72 75 63 74 75 72 65 2e 20 20 54 68 69 73 20 63 6f 76 65 72 73 20 61 20 77 65 61 6b 65	astructure...This.covers.a.weake
63c0	72 20 66 6f 72 6d 20 6f 66 20 61 74 74 61 63 6b 65 72 20 74 68 61 74 20 69 73 20 61 62 6c 65 20	r.form.of.attacker.that.is.able.
63e0	74 6f 00 57 65 20 63 6f 6e 73 69 64 65 72 20 61 20 70 6f 77 65 72 66 75 6c 20 61 74 74 61 63 6b	to.We.consider.a.powerful.attack
6400	65 72 20 74 68 61 74 20 67 61 69 6e 65 64 20 63 6f 6e 74 72 6f 6c 20 6f 66 20 61 20 73 69 67 6e	er.that.gained.control.of.a.sign
6420	65 72 27 73 20 73 69 67 6e 69 6e 67 20 61 6e 64 00 23 23 20 32 20 2d 20 54 68 72 65 61 74 20 6d	er's.signing.and.##.2.-.Threat.m
6440	6f 64 65 6c 00 00 46 69 6e 61 6c 6c 79 2c 20 77 65 20 77 72 61 70 20 75 70 20 77 69 74 68 20 61	odel..Finally,.we.wrap.up.with.a
6460	6e 20 69 6e 63 6f 6d 70 6c 65 74 65 20 66 72 65 71 75 65 6e 74 6c 79 20 61 73 6b 65 64 20 71 75	n.incomplete.frequently.asked.qu
6480	65 73 74 69 6f 6e 73 20 73 65 63 74 69 6f 6e 2e 00 46 69 72 73 74 20 77 65 20 64 65 73 63 72 69	estions.section..First.we.descri
64a0	62 65 20 6f 75 72 20 74 68 72 65 61 74 20 6d 6f 64 65 6c 2e 20 20 54 68 65 6e 20 77 65 20 67 69	be.our.threat.model...Then.we.gi
64c0	76 65 20 61 20 62 69 72 64 27 73 20 76 69 65 77 20 6f 66 20 74 68 65 20 64 65 73 69 67 6e 2e 00	ve.a.bird's.view.of.the.design..
64e0	23 23 23 20 31 2e 33 20 2d 20 52 6f 61 64 6d 61 70 00 00 20 20 20 20 20 20 20 20 5b 41 50 49 5d	###.1.3.-.Roadmap..........[API]
6500	28 68 74 74 70 73 3a 2f 2f 67 69 74 2e 73 69 67 73 75 6d 2e 6f 72 67 2f 73 69 67 73 75 6d 2f 74	(https://git.sigsum.org/sigsum/t
6520	72 65 65 2f 64 6f 63 2f 61 70 69 2e 6d 64 29 2e 00 61 64 64 69 74 69 6f 6e 61 6c 6c 79 20 6e 65	ree/doc/api.md)..additionally.ne
6540	65 64 20 74 6f 20 69 6e 74 65 72 61 63 74 20 77 69 74 68 20 61 20 73 69 67 73 75 6d 20 6c 6f 67	ed.to.interact.with.a.sigsum.log
6560	27 73 20 6c 69 6e 65 2d 74 65 72 6d 69 6e 61 74 65 64 20 41 53 43 49 49 20 48 54 54 50 28 53 29	's.line-terminated.ASCII.HTTP(S)
6580	00 74 68 61 74 20 61 20 76 65 72 69 66 69 65 72 20 69 73 20 72 65 71 75 69 72 65 64 20 74 6f 20	.that.a.verifier.is.required.to.
65a0	73 75 70 70 6f 72 74 2e 20 20 53 69 67 6e 65 72 73 2c 20 6d 6f 6e 69 74 6f 72 73 2c 20 61 6e 64	support...Signers,.monitors,.and
65c0	20 77 69 74 6e 65 73 73 65 73 00 6f 72 20 22 62 79 20 68 61 6e 64 22 20 69 6e 20 6d 61 6e 79 20	.witnesses.or."by.hand".in.many.
65e0	6d 6f 64 65 72 6e 20 70 72 6f 67 72 61 6d 6d 69 6e 67 20 6c 61 6e 67 75 61 67 65 73 2e 20 20 54	modern.programming.languages...T
6600	68 69 73 20 69 73 20 74 68 65 20 6f 6e 6c 79 20 70 61 72 73 69 6e 67 00 09 5b 54 72 75 6e 6e 65	his.is.the.only.parsing..[Trunne
6620	6c 5d 28 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67	l](https://gitlab.torproject.org
6640	2f 74 70 6f 2f 63 6f 72 65 2f 74 72 75 6e 6e 65 6c 2f 2d 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 64 6f	/tpo/core/trunnel/-/blob/main/do
6660	63 2f 74 72 75 6e 6e 65 6c 2e 6d 64 29 2c 00 63 6f 6e 73 74 72 61 69 6e 65 64 20 65 6e 76 69 72	c/trunnel.md),.constrained.envir
6680	6f 6e 6d 65 6e 74 73 2e 20 20 53 69 67 6e 65 64 20 61 6e 64 20 6c 6f 67 67 65 64 20 64 61 74 61	onments...Signed.and.logged.data
66a0	20 63 61 6e 20 62 65 20 28 64 65 29 73 65 72 69 61 6c 69 7a 65 64 20 75 73 69 6e 67 00 69 6e 63	.can.be.(de)serialized.using.inc
66c0	72 65 61 73 65 20 61 74 74 61 63 6b 20 73 75 72 66 61 63 65 73 20 61 6e 64 20 6d 61 6b 65 20 74	rease.attack.surfaces.and.make.t
66e0	68 65 20 73 79 73 74 65 6d 20 6d 6f 72 65 20 64 69 66 66 69 63 75 6c 74 20 74 6f 20 75 73 65 20	he.system.more.difficult.to.use.
6700	69 6e 00 2d 20 2a 2a 53 69 6d 70 6c 65 20 28 64 65 29 73 65 72 69 61 6c 69 7a 61 74 69 6f 6e 20	in.-.**Simple.(de)serialization.
6720	70 61 72 73 65 72 73 3a 2a 2a 20 63 6f 6d 70 6c 65 78 20 28 64 65 29 73 65 72 69 61 6c 69 7a 61	parsers:**.complex.(de)serializa
6740	74 69 6f 6e 20 70 61 72 73 65 72 73 00 70 72 6f 74 6f 63 6f 6c 73 20 61 6e 64 20 64 61 74 61 20	tion.parsers.protocols.and.data.
6760	66 6f 72 6d 61 74 73 20 73 69 6d 70 6c 65 72 20 61 6e 64 20 6d 6f 72 65 20 73 65 63 75 72 65 2e	formats.simpler.and.more.secure.
6780	00 66 75 6e 63 74 69 6f 6e 73 20 61 72 65 20 45 64 32 35 35 31 39 20 61 6e 64 20 53 48 41 32 35	.functions.are.Ed25519.and.SHA25
67a0	36 2e 20 20 4e 6f 74 20 68 61 76 69 6e 67 20 61 6e 79 20 63 72 79 70 74 6f 67 72 61 70 68 69 63	6...Not.having.any.cryptographic
67c0	20 61 67 69 6c 69 74 79 20 6d 61 6b 65 73 00 2d 20 2a 2a 4e 6f 20 63 72 79 70 74 6f 67 72 61 70	.agility.makes.-.**No.cryptograp
67e0	68 69 63 20 61 67 69 6c 69 74 79 2a 2a 3a 20 74 68 65 20 6f 6e 6c 79 20 73 75 70 70 6f 72 74 65	hic.agility**:.the.only.supporte
6800	64 20 73 69 67 6e 61 74 75 72 65 20 73 63 68 65 6d 65 73 20 61 6e 64 20 68 61 73 68 00 09 5b 77	d.signature.schemes.and.hash..[w
6820	69 74 6e 65 73 73 20 63 6f 73 69 67 6e 69 6e 67 5d 28 68 74 74 70 73 3a 2f 2f 69 65 65 65 78 70	itness.cosigning](https://ieeexp
6840	6c 6f 72 65 2e 69 65 65 65 2e 6f 72 67 2f 73 74 61 6d 70 2f 73 74 61 6d 70 2e 6a 73 70 3f 61 72	lore.ieee.org/stamp/stamp.jsp?ar
6860	6e 75 6d 62 65 72 3d 37 35 34 36 35 32 31 29 2e 00 70 72 6f 74 6f 63 6f 6c 20 64 69 72 65 63 74	number=7546521)..protocol.direct
6880	6c 79 20 69 6e 74 6f 20 74 68 65 20 6c 6f 67 2e 20 20 49 74 20 69 73 20 61 20 76 61 72 69 61 6e	ly.into.the.log...It.is.a.varian
68a0	74 20 6f 66 00 6c 6f 67 73 20 72 65 6c 79 20 6f 6e 20 67 6f 73 73 69 70 20 70 72 6f 74 6f 63 6f	t.of.logs.rely.on.gossip.protoco
68c0	6c 73 20 74 6f 20 64 65 74 65 63 74 20 66 6f 72 6b 73 2e 20 20 57 65 20 62 75 69 6c 74 20 61 20	ls.to.detect.forks...We.built.a.
68e0	70 72 6f 61 63 74 69 76 65 20 67 6f 73 73 69 70 00 2d 20 2a 2a 42 75 69 6c 74 2d 69 6e 20 6d 65	proactive.gossip.-.**Built-in.me
6900	63 68 61 6e 69 73 6d 73 20 74 68 61 74 20 65 6e 73 75 72 65 20 61 20 67 6c 6f 62 61 6c 6c 79 20	chanisms.that.ensure.a.globally.
6920	63 6f 6e 73 69 73 74 65 6e 74 20 6c 6f 67 3a 2a 2a 20 74 72 61 6e 73 70 61 72 65 6e 63 79 00 63	consistent.log:**.transparency.c
6940	6f 6d 62 61 74 20 6c 6f 67 20 73 70 61 6d 2e 20 20 53 68 61 72 64 69 6e 67 20 69 73 20 61 6c 73	ombat.log.spam...Sharding.is.als
6960	6f 20 68 65 6c 70 66 75 6c 20 74 6f 20 63 6f 6d 62 61 74 20 6c 6f 67 20 73 70 61 6d 20 69 6e 20	o.helpful.to.combat.log.spam.in.
6980	74 68 65 20 6c 6f 6e 67 20 72 75 6e 2e 00 6c 69 74 74 6c 65 20 6d 65 74 61 64 61 74 61 20 61 73	the.long.run..little.metadata.as
69a0	20 70 6f 73 73 69 62 6c 65 20 74 6f 20 63 6f 6d 62 61 74 20 6c 6f 67 20 70 6f 69 73 6f 6e 69 6e	.possible.to.combat.log.poisonin
69c0	67 2e 20 20 57 65 20 70 69 67 67 79 62 61 63 6b 20 6f 6e 20 44 4e 53 20 74 6f 00 66 72 6f 6d 20	g...We.piggyback.on.DNS.to.from.
69e0	61 6e 79 6f 6e 65 20 61 74 20 61 72 62 69 74 72 61 72 79 20 72 61 74 65 73 20 63 61 6e 20 6c 65	anyone.at.arbitrary.rates.can.le
6a00	61 64 20 74 6f 20 61 62 75 73 69 76 65 20 75 73 61 67 65 20 70 61 74 74 65 72 6e 73 2e 20 20 57	ad.to.abusive.usage.patterns...W
6a20	65 20 73 74 6f 72 65 20 61 73 00 70 6f 73 73 69 62 6c 65 20 74 68 65 79 20 73 68 6f 75 6c 64 20	e.store.as.possible.they.should.
6a40	62 65 20 6f 70 65 6e 20 66 6f 72 20 65 76 65 72 79 6f 6e 65 2e 20 20 48 6f 77 65 76 65 72 2c 20	be.open.for.everyone...However,.
6a60	61 63 63 65 70 74 69 6e 67 20 6c 6f 67 67 69 6e 67 20 72 65 71 75 65 73 74 73 00 2d 20 2a 2a 44	accepting.logging.requests.-.**D
6a80	65 66 65 6e 73 65 73 20 61 67 61 69 6e 73 74 20 6c 6f 67 20 73 70 61 6d 20 61 6e 64 20 70 6f 69	efenses.against.log.spam.and.poi
6aa0	73 6f 6e 69 6e 67 3a 2a 2a 20 74 6f 20 6b 65 65 70 20 6c 6f 67 73 20 61 73 20 75 73 65 66 75 6c	soning:**.to.keep.logs.as.useful
6ac0	20 61 73 00 61 6e 20 6f 6c 64 65 72 20 6c 6f 67 20 73 68 61 72 64 20 63 61 6e 6e 6f 74 20 62 65	.as.an.older.log.shard.cannot.be
6ae0	20 72 65 70 6c 61 79 65 64 20 69 6e 20 61 6e 6f 74 68 65 72 20 6e 6f 6e 2d 6f 76 65 72 6c 61 70	.replayed.in.another.non-overlap
6b00	70 69 6e 67 20 6c 6f 67 20 73 68 61 72 64 2e 00 74 68 61 74 20 64 65 74 65 72 6d 69 6e 65 73 20	ping.log.shard..that.determines.
6b20	74 68 65 20 74 69 6d 65 20 64 75 72 69 6e 67 20 77 68 69 63 68 20 74 68 65 20 6c 6f 67 20 77 69	the.time.during.which.the.log.wi
6b40	6c 6c 20 62 65 20 61 63 74 69 76 65 2e 20 20 53 75 62 6d 69 73 73 69 6f 6e 73 20 74 6f 00 74 68	ll.be.active...Submissions.to.th
6b60	61 6e 20 63 6c 6f 73 69 6e 67 20 69 74 20 64 6f 77 6e 20 69 6e 20 61 20 72 65 6c 69 61 62 6c 65	an.closing.it.down.in.a.reliable
6b80	20 77 61 79 2e 20 20 57 65 20 68 61 76 65 20 61 20 70 72 65 64 65 66 69 6e 65 64 20 73 68 61 72	.way...We.have.a.predefined.shar
6ba0	64 69 6e 67 20 69 6e 74 65 72 76 61 6c 00 2d 20 2a 2a 53 68 61 72 64 69 6e 67 20 74 6f 20 73 69	ding.interval.-.**Sharding.to.si
6bc0	6d 70 6c 69 66 79 20 6c 6f 67 20 6c 69 66 65 20 63 79 63 6c 65 73 3a 2a 2a 20 73 74 61 72 74 69	mplify.log.life.cycles:**.starti
6be0	6e 67 20 74 6f 20 6f 70 65 72 61 74 65 20 61 20 6c 6f 67 20 69 73 20 65 61 73 69 65 72 00 49 6e	ng.to.operate.a.log.is.easier.In
6c00	20 6f 74 68 65 72 20 77 6f 72 64 73 2c 20 74 68 65 20 73 69 67 6e 65 72 20 74 61 6c 6b 73 20 74	.other.words,.the.signer.talks.t
6c20	6f 20 74 68 65 20 6c 6f 67 20 6f 6e 20 62 65 68 61 6c 66 20 6f 66 20 74 68 65 20 76 65 72 69 66	o.the.log.on.behalf.of.the.verif
6c40	79 69 6e 67 20 70 61 72 74 79 2e 00 75 73 69 6e 67 20 74 68 65 20 73 61 6d 65 20 64 69 73 74 72	ying.party..using.the.same.distr
6c60	69 62 75 74 69 6f 6e 20 6d 65 63 68 61 6e 69 73 6d 20 61 73 20 69 73 20 75 73 65 64 20 66 6f 72	ibution.mechanism.as.is.used.for
6c80	20 64 69 73 74 72 69 62 75 74 69 6e 67 20 74 68 65 20 61 63 74 75 61 6c 20 64 61 74 61 2e 00 61	.distributing.the.actual.data..a
6ca0	64 64 69 74 69 6f 6e 61 6c 20 6f 75 74 62 6f 75 6e 64 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65	dditional.outbound.network.conne
6cc0	63 74 69 6f 6e 73 2e 20 20 50 72 6f 6f 66 73 20 6f 66 20 70 75 62 6c 69 63 20 6c 6f 67 67 69 6e	ctions...Proofs.of.public.loggin
6ce0	67 20 61 72 65 20 70 72 6f 76 69 64 65 64 00 2d 20 2a 2a 50 72 65 73 65 72 76 65 64 20 64 61 74	g.are.provided.-.**Preserved.dat
6d00	61 20 66 6c 6f 77 73 3a 2a 2a 20 61 20 76 65 72 69 66 69 65 72 20 63 61 6e 20 65 6e 66 6f 72 63	a.flows:**.a.verifier.can.enforc
6d20	65 20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 20 77 69 74 68 6f 75 74 20 6d 61 6b 69 6e 67 00	e.sigsum.logging.without.making.
6d40	62 75 74 20 69 74 20 69 73 20 6d 61 74 75 72 65 20 65 6e 6f 75 67 68 20 74 6f 20 63 61 70 74 75	but.it.is.mature.enough.to.captu
6d60	72 65 20 77 68 61 74 20 74 79 70 65 20 6f 66 20 65 63 6f 73 79 73 74 65 6d 20 77 65 20 77 61 6e	re.what.type.of.ecosystem.we.wan
6d80	74 20 74 6f 20 62 6f 6f 74 73 74 72 61 70 2e 00 70 72 6f 70 65 72 74 69 65 73 2e 20 20 49 74 20	t.to.bootstrap..properties...It.
6da0	64 6f 65 73 20 6e 6f 74 20 6d 65 61 6e 20 74 68 61 74 20 74 68 65 20 73 69 67 73 75 6d 20 6c 6f	does.not.mean.that.the.sigsum.lo
6dc0	67 20 64 65 73 69 67 6e 20 69 73 20 73 65 74 20 69 6e 20 73 74 6f 6e 65 20 79 65 74 2c 00 6f 66	g.design.is.set.in.stone.yet,.of
6de0	20 73 69 67 73 75 6d 20 6c 6f 67 73 2c 20 75 6c 74 69 6d 61 74 65 6c 79 20 6c 65 61 76 69 6e 67	.sigsum.logs,.ultimately.leaving
6e00	20 75 73 20 77 69 74 68 20 61 20 64 65 73 69 67 6e 20 74 68 61 74 20 68 61 73 20 74 68 65 20 62	.us.with.a.design.that.has.the.b
6e20	65 6c 6f 77 00 49 74 20 69 73 20 66 61 69 72 20 74 6f 20 73 61 79 20 74 68 61 74 20 6d 75 63 68	elow.It.is.fair.to.say.that.much
6e40	20 74 68 6f 75 67 68 20 77 65 6e 74 20 69 6e 74 6f 20 5f 72 65 6d 6f 76 69 6e 67 5f 20 75 6e 77	.though.went.into._removing_.unw
6e60	61 6e 74 65 64 20 75 73 61 67 65 2d 70 61 74 74 65 72 6e 73 00 23 23 23 20 31 2e 32 20 2d 20 4c	anted.usage-patterns.###.1.2.-.L
6e80	6f 67 20 70 72 6f 70 65 72 74 69 65 73 00 00 09 5b 47 32 5c 5d 5d 28 68 74 74 70 73 3a 2f 2f 64	og.properties...[G2\]](https://d
6ea0	61 74 61 74 72 61 63 6b 65 72 2e 69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f 64 72 61	atatracker.ietf.org/doc/html/dra
6ec0	66 74 2d 69 65 74 66 2d 74 72 61 6e 73 2d 67 6f 73 73 69 70 2d 30 35 29 2e 00 09 5b 5c 5b 47 31	ft-ietf-trans-gossip-05)...[\[G1
6ee0	2c 5d 28 68 74 74 70 73 3a 2f 2f 69 65 65 65 78 70 6c 6f 72 65 2e 69 65 65 65 2e 6f 72 67 2f 73	,](https://ieeexplore.ieee.org/s
6f00	74 61 6d 70 2f 73 74 61 6d 70 2e 6a 73 70 3f 61 72 6e 75 6d 62 65 72 3d 37 33 34 36 38 35 33 29	tamp/stamp.jsp?arnumber=7346853)
6f20	00 70 72 6f 6d 69 73 65 73 2c 20 61 6e 64 20 64 65 70 6c 6f 79 6d 65 6e 74 20 6f 66 20 61 20 67	.promises,.and.deployment.of.a.g
6f40	6f 73 73 69 70 20 70 72 6f 74 6f 63 6f 6c 20 74 68 61 74 20 73 75 69 74 73 20 74 68 65 20 77 65	ossip.protocol.that.suits.the.we
6f60	62 00 73 74 6f 72 61 67 65 20 6f 66 20 61 72 62 69 74 72 61 72 79 20 63 65 72 74 69 66 69 63 61	b.storage.of.arbitrary.certifica
6f80	74 65 20 66 69 65 6c 64 73 2c 20 72 65 61 63 74 69 76 65 20 61 75 64 69 74 69 6e 67 20 6f 66 20	te.fields,.reactive.auditing.of.
6fa0	63 6f 6d 70 6c 69 63 61 74 65 64 20 6c 6f 67 00 54 68 69 73 20 69 73 20 69 6e 20 63 6f 6e 74 72	complicated.log.This.is.in.contr
6fc0	61 73 74 20 74 6f 20 43 65 72 74 69 66 69 63 61 74 65 20 54 72 61 6e 73 70 61 72 65 6e 63 79 2c	ast.to.Certificate.Transparency,
6fe0	20 77 68 69 63 68 20 72 65 71 75 69 72 65 73 20 41 53 4e 2e 31 20 70 61 72 73 69 6e 67 2c 00 00	.which.requires.ASN.1.parsing,..
7000	61 64 00 00 16 00 00 00 3e 01 00 00 00 10 00 00 43 00 00 00 00 00 00 00 af 0f 00 00 5f 0f 00 00	ad......>.......C..........._...
7020	28 0f 00 00 d8 0e 00 00 c8 0e 00 00 7d 0e 00 00 5d 0e 00 00 0e 0e 00 00 ed 0d 00 00 ec 0d 00 00	(...........}...]...............
7040	a3 0d 00 00 6f 0d 00 00 6e 0d 00 00 1f 0d 00 00 d1 0c 00 00 d0 0c 00 00 80 0c 00 00 34 0c 00 00	....o...n...................4...
7060	e4 0b 00 00 e3 0b 00 00 cb 0b 00 00 ac 0b 00 00 63 0b 00 00 13 0b 00 00 c8 0a 00 00 7d 0a 00 00	................c...........}...
7080	7c 0a 00 00 2c 0a 00 00 dd 09 00 00 a4 09 00 00 a3 09 00 00 55 09 00 00 08 09 00 00 cd 08 00 00	|...,...............U...........
70a0	cc 08 00 00 b0 08 00 00 62 08 00 00 17 08 00 00 db 07 00 00 da 07 00 00 8a 07 00 00 3a 07 00 00	........b...................:...
70c0	f1 06 00 00 f0 06 00 00 a6 06 00 00 57 06 00 00 06 06 00 00 b7 05 00 00 67 05 00 00 2a 05 00 00	............W...........g...*...
70e0	29 05 00 00 de 04 00 00 8d 04 00 00 3f 04 00 00 f0 03 00 00 a1 03 00 00 45 03 00 00 44 03 00 00	)...........?...........E...D...
7100	f4 02 00 00 a8 02 00 00 70 02 00 00 6f 02 00 00 22 02 00 00 d4 01 00 00 83 01 00 00 3f 01 00 00	........p...o..."...........?...
7120	3e 01 00 00 3d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73	>...=..........................s
7140	69 67 6e 65 72 20 68 61 73 20 74 6f 20 77 61 69 74 20 66 6f 72 20 61 6e 20 69 6e 63 6c 75 73 69	igner.has.to.wait.for.an.inclusi
7160	6f 6e 20 70 72 6f 6f 66 20 61 6e 64 20 61 20 63 6f 73 69 67 6e 65 64 20 74 72 65 65 20 68 65 61	on.proof.and.a.cosigned.tree.hea
7180	64 2e 00 43 65 72 74 69 66 69 63 61 74 65 20 54 72 61 6e 73 70 61 72 65 6e 63 79 2e 20 20 54 68	d..Certificate.Transparency...Th
71a0	65 72 65 66 6f 72 65 2c 20 73 69 67 73 75 6d 20 6c 6f 67 73 20 64 6f 20 6e 6f 74 20 70 72 6f 76	erefore,.sigsum.logs.do.not.prov
71c0	69 64 65 20 6c 6f 77 2d 6c 61 74 65 6e 63 79 2e 20 20 41 00 72 65 71 75 65 73 74 20 69 73 20 61	ide.low-latency...A.request.is.a
71e0	63 63 65 70 74 65 64 2e 20 20 54 68 65 72 65 20 61 72 65 20 68 6f 77 65 76 65 72 20 6e 6f 20 5f	ccepted...There.are.however.no._
7200	70 72 6f 6d 69 73 65 73 20 6f 66 20 70 75 62 6c 69 63 20 6c 6f 67 67 69 6e 67 5f 20 61 73 20 69	promises.of.public.logging_.as.i
7220	6e 00 41 20 73 69 67 73 75 6d 20 6c 6f 67 20 5f 74 72 69 65 73 5f 20 74 6f 20 69 6e 63 6f 72 70	n.A.sigsum.log._tries_.to.incorp
7240	6f 72 61 74 65 20 61 20 6c 65 61 66 20 69 6e 74 6f 20 69 74 73 20 4d 65 72 6b 6c 65 20 74 72 65	orate.a.leaf.into.its.Merkle.tre
7260	65 20 69 66 20 61 20 6c 6f 67 67 69 6e 67 00 00 6d 61 6e 61 67 65 6d 65 6e 74 2e 20 20 4f 75 72	e.if.a.logging..management...Our
7280	20 77 6f 72 6b 20 69 73 20 61 62 6f 75 74 20 74 72 61 6e 73 70 61 72 65 6e 74 20 5f 6b 65 79 2d	.work.is.about.transparent._key-
72a0	75 73 61 67 65 5f 2e 00 6d 6f 72 65 20 63 6f 6d 70 6c 65 78 20 74 68 61 6e 20 74 68 61 74 2e 20	usage_..more.complex.than.that..
72c0	20 41 20 73 65 70 61 72 61 74 65 20 70 72 6f 6a 65 63 74 20 73 68 6f 75 6c 64 20 66 6f 63 75 73	.A.separate.project.should.focus
72e0	20 6f 6e 20 74 72 61 6e 73 70 61 72 65 6e 74 20 6b 65 79 00 41 20 73 69 67 6e 65 72 27 73 20 64	.on.transparent.key.A.signer's.d
7300	6f 6d 61 69 6e 20 68 69 6e 74 20 69 73 20 6e 6f 74 20 70 61 72 74 20 6f 66 20 74 68 65 20 6c 6f	omain.hint.is.not.part.of.the.lo
7320	67 67 65 64 20 6c 65 61 66 20 62 65 63 61 75 73 65 20 6b 65 79 20 6d 61 6e 61 67 65 6d 65 6e 74	gged.leaf.because.key.management
7340	20 69 73 00 00 20 20 20 20 20 20 20 20 5b 63 6f 73 6d 69 63 20 72 61 79 73 5d 28 68 74 74 70 73	.is..........[cosmic.rays](https
7360	3a 2f 2f 67 72 6f 75 70 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 2f 63 68 72 6f 6d 69 75 6d 2e	://groups.google.com/a/chromium.
7380	6f 72 67 2f 67 2f 63 74 2d 70 6f 6c 69 63 79 2f 63 2f 50 43 6b 4b 55 33 35 37 4d 32 51 2f 29 2e	org/g/ct-policy/c/PCkKU357M2Q/).
73a0	00 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 6c 6f 67 20 74 6f 20 62 65 20 72 65 6c 69 61 62 6c	.more.than.one.log.to.be.reliabl
73c0	65 20 69 6e 20 63 61 73 65 20 6f 66 20 64 6f 77 6e 74 69 6d 65 20 6f 72 20 75 6e 65 78 70 65 63	e.in.case.of.downtime.or.unexpec
73e0	74 65 64 20 65 76 65 6e 74 73 20 6c 69 6b 65 00 77 69 74 68 6f 75 74 20 63 6f 6f 72 64 69 6e 61	ted.events.like.without.coordina
7400	74 69 6f 6e 2e 20 20 54 68 69 73 20 69 73 20 69 6d 70 6f 72 74 61 6e 74 20 62 65 63 61 75 73 65	tion...This.is.important.because
7420	20 61 20 68 65 61 6c 74 68 79 20 6c 6f 67 20 65 63 6f 73 79 73 74 65 6d 20 6e 65 65 64 73 00 74	.a.healthy.log.ecosystem.needs.t
7440	68 61 74 20 74 68 65 20 73 61 6d 65 20 61 6e 74 69 2d 73 70 61 6d 20 6d 65 63 68 61 6e 69 73 6d	hat.the.same.anti-spam.mechanism
7460	20 63 61 6e 20 62 65 20 75 73 65 64 20 61 63 72 6f 73 73 20 73 65 76 65 72 61 6c 20 69 6e 64 65	.can.be.used.across.several.inde
7480	70 65 6e 64 65 6e 74 20 6c 6f 67 73 00 64 6f 6d 61 69 6e 20 6e 61 6d 65 2e 20 20 41 20 73 69 6e	pendent.logs.domain.name...A.sin
74a0	67 6c 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 73 20 61 6c 73 6f 20 72 65 6c 61 74 69 76 65	gle.domain.name.is.also.relative
74c0	6c 79 20 63 68 65 61 70 2e 20 20 41 6e 6f 74 68 65 72 20 62 65 6e 65 66 69 74 20 69 73 00 55 73	ly.cheap...Another.benefit.is.Us
74e0	69 6e 67 20 44 4e 53 20 74 6f 20 63 6f 6d 62 61 74 20 73 70 61 6d 20 69 73 20 63 6f 6e 76 65 6e	ing.DNS.to.combat.spam.is.conven
7500	69 65 6e 74 20 62 65 63 61 75 73 65 20 6d 61 6e 79 20 73 69 67 6e 65 72 73 20 61 6c 72 65 61 64	ient.because.many.signers.alread
7520	79 20 68 61 76 65 20 61 00 00 6c 6f 67 20 69 6e 20 61 6e 79 20 73 69 67 6e 69 66 69 63 61 6e 74	y.have.a..log.in.any.significant
7540	20 77 61 79 20 69 66 20 72 61 74 65 20 6c 69 6d 69 74 73 20 61 72 65 20 6e 6f 74 20 74 6f 6f 20	.way.if.rate.limits.are.not.too.
7560	6c 6f 6f 73 65 2e 00 73 65 63 6f 6e 64 2d 6c 65 76 65 6c 20 64 6f 6d 61 69 6e 2e 20 20 59 6f 75	loose..second-level.domain...You
7580	20 77 6f 75 6c 64 20 6e 65 65 64 20 61 20 6c 61 72 67 65 20 6e 75 6d 62 65 72 20 6f 66 20 64 6f	.would.need.a.large.number.of.do
75a0	6d 61 69 6e 20 6e 61 6d 65 73 20 74 6f 20 73 70 61 6d 20 74 68 65 00 64 6f 6d 61 69 6e 20 74 68	main.names.to.spam.the.domain.th
75c0	61 74 20 69 73 20 61 77 61 72 65 20 6f 66 20 74 68 65 69 72 20 76 65 72 69 66 69 63 61 74 69 6f	at.is.aware.of.their.verificatio
75e0	6e 20 6b 65 79 2c 20 72 61 74 65 20 6c 69 6d 69 74 73 20 63 61 6e 20 62 65 20 61 70 70 6c 69 65	n.key,.rate.limits.can.be.applie
7600	64 20 70 65 72 00 6d 61 74 63 68 20 74 68 65 20 70 75 62 6c 69 63 20 76 65 72 69 66 69 63 61 74	d.per.match.the.public.verificat
7620	69 6f 6e 20 6b 65 79 20 68 61 73 68 2e 20 20 42 79 20 76 65 72 69 66 79 69 6e 67 20 74 68 61 74	ion.key.hash...By.verifying.that
7640	20 61 6c 6c 20 73 69 67 6e 65 72 73 20 63 6f 6e 74 72 6f 6c 20 61 00 72 65 73 6f 75 72 63 65 20	.all.signers.control.a.resource.
7660	72 65 63 6f 72 64 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 70 72 6f 76 69 64 65 64 20 64 6f 6d	record.based.on.the.provided.dom
7680	61 69 6e 20 6e 61 6d 65 2e 20 20 54 68 65 20 64 6f 77 6e 6c 6f 61 64 65 64 20 72 65 73 75 6c 74	ain.name...The.downloaded.result
76a0	20 6d 75 73 74 00 54 68 65 20 73 69 67 6e 65 72 20 61 6c 73 6f 20 73 75 62 6d 69 74 73 20 61 20	.must.The.signer.also.submits.a.
76c0	5f 64 6f 6d 61 69 6e 20 68 69 6e 74 5f 2e 20 20 54 68 65 20 6c 6f 67 20 77 69 6c 6c 20 64 6f 77	_domain.hint_...The.log.will.dow
76e0	6e 6c 6f 61 64 20 61 20 44 4e 53 20 54 58 54 00 00 74 68 65 20 73 69 67 6e 61 74 75 72 65 20 69	nload.a.DNS.TXT..the.signature.i
7700	73 20 76 61 6c 69 64 2c 20 74 68 65 6e 20 68 61 73 68 65 73 20 69 74 20 74 6f 20 63 6f 6e 73 74	s.valid,.then.hashes.it.to.const
7720	72 75 63 74 20 74 68 65 20 6c 65 61 66 27 73 20 6b 65 79 20 68 61 73 68 2e 00 6b 65 79 20 61 73	ruct.the.leaf's.key.hash..key.as
7740	20 6b 65 79 2d 76 61 6c 75 65 20 70 61 69 72 73 2e 20 20 54 68 65 20 6c 6f 67 20 75 73 65 73 20	.key-value.pairs...The.log.uses.
7760	74 68 65 20 70 75 62 6c 69 63 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6b 65 79 20 74 6f 20 63	the.public.verification.key.to.c
7780	68 65 63 6b 20 74 68 61 74 00 41 20 73 69 67 6e 65 72 20 73 75 62 6d 69 74 73 20 74 68 65 69 72	heck.that.A.signer.submits.their
77a0	20 73 68 61 72 64 20 68 69 6e 74 2c 20 63 68 65 63 6b 73 75 6d 2c 20 73 69 67 6e 61 74 75 72 65	.shard.hint,.checksum,.signature
77c0	2c 20 61 6e 64 20 70 75 62 6c 69 63 20 76 65 72 69 66 69 63 61 74 69 6f 6e 00 00 62 65 63 61 75	,.and.public.verification..becau
77e0	73 65 20 74 68 65 20 65 78 63 68 61 6e 67 65 64 20 64 61 74 61 20 73 74 72 75 63 74 75 72 65 73	se.the.exchanged.data.structures
7800	20 61 72 65 20 70 72 69 6d 69 74 69 76 65 20 65 6e 6f 75 67 68 2e 00 75 73 65 73 20 61 20 73 69	.are.primitive.enough..uses.a.si
7820	6d 70 6c 65 20 41 53 43 49 49 20 66 6f 72 6d 61 74 2e 20 20 41 20 6d 6f 72 65 20 63 6f 6d 70 6c	mple.ASCII.format...A.more.compl
7840	65 78 20 70 61 72 73 65 72 20 6c 69 6b 65 20 4a 53 4f 4e 20 69 73 20 6e 6f 74 20 6e 65 65 64 65	ex.parser.like.JSON.is.not.neede
7860	64 00 53 69 67 73 75 6d 20 6c 6f 67 73 20 69 6d 70 6c 65 6d 65 6e 74 20 61 6e 20 48 54 54 50 28	d.Sigsum.logs.implement.an.HTTP(
7880	53 29 20 41 50 49 2e 20 20 49 6e 70 75 74 20 61 6e 64 20 6f 75 74 70 75 74 20 69 73 20 68 75 6d	S).API...Input.and.output.is.hum
78a0	61 6e 2d 72 65 61 64 61 62 6c 65 20 61 6e 64 00 23 23 23 23 20 33 2e 32 2e 32 20 2d 20 53 75 62	an-readable.and.####.3.2.2.-.Sub
78c0	6d 69 74 20 72 65 71 75 65 73 74 00 00 70 61 72 74 20 6f 66 20 61 20 64 65 66 65 6e 73 65 20 6d	mit.request..part.of.a.defense.m
78e0	65 63 68 61 6e 69 73 6d 20 74 68 61 74 20 68 65 6c 70 73 20 75 73 20 63 6f 6d 62 61 74 20 6c 6f	echanism.that.helps.us.combat.lo
7900	67 20 73 70 61 6d 2e 00 63 68 65 63 6b 20 74 68 61 74 20 5f 73 6f 6d 65 20 64 6f 6d 61 69 6e 5f	g.spam..check.that._some.domain_
7920	20 69 73 20 61 77 61 72 65 20 6f 66 20 74 68 65 20 73 69 67 6e 65 72 27 73 20 76 65 72 69 66 69	.is.aware.of.the.signer's.verifi
7940	63 61 74 69 6f 6e 20 6b 65 79 2e 20 20 54 68 69 73 20 69 73 00 54 68 65 20 73 69 67 6e 65 72 20	cation.key...This.is.The.signer.
7960	61 6c 73 6f 20 68 61 73 20 74 6f 20 64 6f 20 61 20 6f 6e 65 2d 74 69 6d 65 20 44 4e 53 20 73 65	also.has.to.do.a.one-time.DNS.se
7980	74 75 70 2e 20 20 41 73 20 6f 75 74 6c 69 6e 65 64 20 62 65 6c 6f 77 2c 20 6c 6f 67 73 20 77 69	tup...As.outlined.below,.logs.wi
79a0	6c 6c 00 00 72 65 70 6c 61 79 65 64 20 69 6e 20 61 20 6e 6f 6e 2d 6f 76 65 72 6c 61 70 70 69 6e	ll..replayed.in.a.non-overlappin
79c0	67 20 73 68 61 72 64 20 62 79 20 61 20 67 6f 6f 64 20 53 61 6d 61 72 69 74 61 6e 2e 00 69 6e 63	g.shard.by.a.good.Samaritan..inc
79e0	6f 72 70 6f 72 61 74 65 64 20 69 6e 74 6f 20 74 68 65 20 73 69 67 6e 65 64 20 73 74 61 74 65 6d	orporated.into.the.signed.statem
7a00	65 6e 74 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 61 20 6c 6f 67 27 73 20 6c 65 61 76 65	ent.to.ensure.that.a.log's.leave
7a20	73 20 63 61 6e 6e 6f 74 20 62 65 00 54 68 65 20 73 65 6c 65 63 74 65 64 20 73 68 61 72 64 20 68	s.cannot.be.The.selected.shard.h
7a40	69 6e 74 20 61 6e 64 20 63 68 65 63 6b 73 75 6d 20 61 72 65 20 73 69 67 6e 65 64 20 62 79 20 74	int.and.checksum.are.signed.by.t
7a60	68 65 20 73 69 67 6e 65 72 2e 20 20 41 20 73 68 61 72 64 20 68 69 6e 74 20 69 73 00 00 68 61 73	he.signer...A.shard.hint.is..has
7a80	68 20 66 75 6e 63 74 69 6f 6e 2e 20 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 69 74 20 63 6f 75	h.function...For.example,.it.cou
7aa0	6c 64 20 62 65 20 74 68 65 20 68 61 73 68 20 6f 66 20 61 6e 20 65 78 65 63 75 74 61 62 6c 65 20	ld.be.the.hash.of.an.executable.
7ac0	62 69 6e 61 72 79 2e 00 61 63 74 69 76 65 20 64 75 72 69 6e 67 20 32 30 32 31 22 2e 20 20 54 68	binary..active.during.2021"...Th
7ae0	65 20 73 65 6c 65 63 74 65 64 20 63 68 65 63 6b 73 75 6d 20 69 73 20 6d 6f 73 74 20 6c 69 6b 65	e.selected.checksum.is.most.like
7b00	6c 79 20 74 68 65 20 6f 75 74 70 75 74 20 6f 66 20 61 00 73 65 6c 65 63 74 65 64 20 73 68 61 72	ly.the.output.of.a.selected.shar
7b20	64 20 68 69 6e 74 20 72 65 70 72 65 73 65 6e 74 73 20 61 6e 20 61 62 73 74 72 61 63 74 20 73 74	d.hint.represents.an.abstract.st
7b40	61 74 65 6d 65 6e 74 20 6c 69 6b 65 20 22 73 69 67 73 75 6d 20 6c 6f 67 73 20 74 68 61 74 20 61	atement.like."sigsum.logs.that.a
7b60	72 65 00 41 20 73 69 67 6e 65 72 20 73 65 6c 65 63 74 73 20 61 20 73 68 61 72 64 20 68 69 6e 74	re.A.signer.selects.a.shard.hint
7b80	20 61 6e 64 20 61 20 63 68 65 63 6b 73 75 6d 20 74 68 61 74 20 73 68 6f 75 6c 64 20 62 65 20 6c	.and.a.checksum.that.should.be.l
7ba0	6f 67 67 65 64 2e 20 20 54 68 65 00 23 23 23 23 20 33 2e 32 2e 31 20 2d 20 50 72 65 70 61 72 65	ogged...The.####.3.2.1.-.Prepare
7bc0	20 61 20 72 65 71 75 65 73 74 00 23 23 23 20 33 2e 32 20 2d 20 55 73 61 67 65 20 70 61 74 74 65	.a.request.###.3.2.-.Usage.patte
7be0	72 6e 00 00 6f 74 68 65 72 20 77 6f 72 64 73 2c 20 76 65 72 69 66 69 65 72 73 20 61 6e 64 20 6d	rn..other.words,.verifiers.and.m
7c00	6f 6e 69 74 6f 72 73 20 6d 75 73 74 20 6c 6f 63 61 74 65 20 6b 65 79 73 20 61 6e 64 20 74 72 75	onitors.must.locate.keys.and.tru
7c20	73 74 20 74 68 65 6d 20 65 78 70 6c 69 63 69 74 6c 79 2e 00 74 68 65 20 6c 69 6b 65 6c 69 68 6f	st.them.explicitly..the.likeliho
7c40	6f 64 20 74 68 61 74 20 61 6e 20 75 6e 74 72 75 73 74 65 64 20 6b 65 79 20 69 73 20 64 69 73 63	od.that.an.untrusted.key.is.disc
7c60	6f 76 65 72 65 64 20 61 6e 64 20 75 73 65 64 20 62 79 20 6d 69 73 74 61 6b 65 2e 20 20 49 6e 00	overed.and.used.by.mistake...In.
7c80	4e 6f 74 65 20 74 68 61 74 20 61 20 6b 65 79 20 68 61 73 68 20 69 73 20 6c 6f 67 67 65 64 20 72	Note.that.a.key.hash.is.logged.r
7ca0	61 74 68 65 72 20 74 68 61 6e 20 74 68 65 20 70 75 62 6c 69 63 20 6b 65 79 20 69 74 73 65 6c 66	ather.than.the.public.key.itself
7cc0	2e 20 20 54 68 69 73 20 72 65 64 75 63 65 73 00 00 64 61 74 61 20 74 68 61 74 20 61 20 63 68 65	...This.reduces..data.that.a.che
7ce0	63 6b 73 75 6d 20 72 65 70 72 65 73 65 6e 74 73 2e 20 20 57 68 65 72 65 20 64 61 74 61 20 69 73	cksum.represents...Where.data.is
7d00	20 6c 6f 63 61 74 65 64 20 69 73 20 75 73 65 2d 63 61 73 65 20 73 70 65 63 69 66 69 63 2e 00 41	.located.is.use-case.specific..A
7d20	6e 79 20 61 64 64 69 74 69 6f 6e 61 6c 20 6d 65 74 61 64 61 74 61 20 74 68 61 74 20 69 73 20 75	ny.additional.metadata.that.is.u
7d40	73 65 2d 63 61 73 65 20 73 70 65 63 69 66 69 63 20 63 61 6e 20 62 65 20 73 74 6f 72 65 64 20 61	se-case.specific.can.be.stored.a
7d60	73 20 70 61 72 74 20 6f 66 20 74 68 65 00 00 6e 6f 6e 2d 6f 76 65 72 6c 61 70 70 69 6e 67 20 73	s.part.of.the..non-overlapping.s
7d80	68 61 72 64 2e 20 20 53 65 65 20 64 65 74 61 69 6c 73 20 69 6e 20 53 65 63 74 69 6f 6e 20 34 2e	hard...See.details.in.Section.4.
7da0	32 2e 00 41 20 73 68 61 72 64 20 68 69 6e 74 20 69 73 20 69 6e 63 6c 75 64 65 64 20 69 6e 20 74	2..A.shard.hint.is.included.in.t
7dc0	68 65 20 73 69 67 6e 65 64 20 73 74 61 74 65 6d 65 6e 74 20 74 6f 20 70 72 65 76 65 6e 74 20 72	he.signed.statement.to.prevent.r
7de0	65 70 6c 61 79 73 20 69 6e 20 61 00 00 62 65 20 75 73 65 64 20 74 6f 20 76 65 72 69 66 79 20 74	eplays.in.a..be.used.to.verify.t
7e00	68 65 20 73 69 67 6e 61 74 75 72 65 2e 00 2d 20 2a 2a 6b 65 79 5f 68 61 73 68 2a 2a 3a 20 61 20	he.signature..-.**key_hash**:.a.
7e20	63 72 79 70 74 6f 67 72 61 70 68 69 63 20 68 61 73 68 20 6f 66 20 74 68 65 20 73 69 67 6e 65 72	cryptographic.hash.of.the.signer
7e40	27 73 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6b 65 79 20 74 68 61 74 20 63 61 6e 00 6c 65 61	's.verification.key.that.can.lea
7e60	66 27 73 20 73 68 61 72 64 20 68 69 6e 74 20 61 6e 64 20 63 68 65 63 6b 73 75 6d 2e 00 2d 20 2a	f's.shard.hint.and.checksum..-.*
7e80	2a 73 69 67 6e 61 74 75 72 65 2a 2a 3a 20 61 20 64 69 67 69 74 61 6c 20 73 69 67 6e 61 74 75 72	*signature**:.a.digital.signatur
7ea0	65 20 74 68 61 74 20 69 73 20 63 6f 6d 70 75 74 65 64 20 62 79 20 61 20 73 69 67 6e 65 72 20 6f	e.that.is.computed.by.a.signer.o
7ec0	76 65 72 20 74 68 65 00 6a 75 73 74 20 63 68 65 63 6b 73 75 6d 73 2e 00 2d 20 2a 2a 63 68 65 63	ver.the.just.checksums..-.**chec
7ee0	6b 73 75 6d 2a 2a 3a 20 6d 6f 73 74 20 6c 69 6b 65 6c 79 20 61 20 68 61 73 68 20 6f 66 20 73 6f	ksum**:.most.likely.a.hash.of.so
7f00	6d 65 20 64 61 74 61 2e 20 20 54 68 65 20 6c 6f 67 20 69 73 20 6e 6f 74 20 61 77 61 72 65 20 6f	me.data...The.log.is.not.aware.o
7f20	66 20 64 61 74 61 3b 00 61 72 65 20 61 63 63 65 70 74 65 64 2e 20 20 4f 6e 63 65 20 65 6c 61 70	f.data;.are.accepted...Once.elap
7f40	73 65 64 2c 20 74 68 65 20 6c 6f 67 20 63 61 6e 20 62 65 20 73 68 75 74 20 64 6f 77 6e 2e 00 53	sed,.the.log.can.be.shut.down..S
7f60	68 61 72 64 69 6e 67 20 6d 65 61 6e 73 20 74 68 61 74 20 74 68 65 20 6c 6f 67 20 68 61 73 20 61	harding.means.that.the.log.has.a
7f80	20 70 72 65 64 65 66 69 6e 65 64 20 74 69 6d 65 20 64 75 72 69 6e 67 20 77 68 69 63 68 20 6c 6f	.predefined.time.during.which.lo
7fa0	67 67 69 6e 67 20 72 65 71 75 65 73 74 73 00 2d 20 2a 2a 73 68 61 72 64 5f 68 69 6e 74 2a 2a 3a	gging.requests.-.**shard_hint**:
7fc0	20 61 20 6e 75 6d 62 65 72 20 74 68 61 74 20 62 69 6e 64 73 20 74 68 65 20 6c 65 61 66 20 74 6f	.a.number.that.binds.the.leaf.to
7fe0	20 61 20 70 61 72 74 69 63 75 6c 61 72 20 5f 73 68 61 72 64 20 69 6e 74 65 72 76 61 6c 5f 2e 00	.a.particular._shard.interval_..
8000	61 64 00 00 23 00 00 00 4f 01 00 00 00 10 00 00 44 00 00 00 00 00 00 00 d8 0f 00 00 87 0f 00 00	ad..#...O.......D...............
8020	3c 0f 00 00 ec 0e 00 00 9c 0e 00 00 9b 0e 00 00 4e 0e 00 00 fe 0d 00 00 d5 0d 00 00 8e 0d 00 00	<...............N...............
8040	45 0d 00 00 f6 0c 00 00 97 0c 00 00 96 0c 00 00 4d 0c 00 00 4c 0c 00 00 32 0c 00 00 e5 0b 00 00	E...............M...L...2.......
8060	95 0b 00 00 55 0b 00 00 54 0b 00 00 4a 0b 00 00 07 0b 00 00 06 0b 00 00 f8 0a 00 00 ac 0a 00 00	....U...T...J...................
8080	5f 0a 00 00 5e 0a 00 00 53 0a 00 00 19 0a 00 00 18 0a 00 00 fe 09 00 00 b3 09 00 00 75 09 00 00	_...^...S...................u...
80a0	2d 09 00 00 e4 08 00 00 cf 08 00 00 81 08 00 00 80 08 00 00 36 08 00 00 e5 07 00 00 95 07 00 00	-...................6...........
80c0	49 07 00 00 fa 06 00 00 b9 06 00 00 b8 06 00 00 a0 06 00 00 4e 06 00 00 00 06 00 00 b1 05 00 00	I...................N...........
80e0	61 05 00 00 60 05 00 00 10 05 00 00 bd 04 00 00 6d 04 00 00 1f 04 00 00 d4 03 00 00 d3 03 00 00	a...`...........m...............
8100	c1 03 00 00 74 03 00 00 23 03 00 00 da 02 00 00 8c 02 00 00 40 02 00 00 3f 02 00 00 f0 01 00 00	....t...#...........@...?.......
8120	9f 01 00 00 4f 01 00 00 4e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	....O...N.......................
8140	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 6f 20 64 61 74 61 20 61 6e 64 20 72 69 63 68 20	...............No.data.and.rich.
8160	6d 65 74 61 64 61 74 61 20 69 73 20 6c 6f 67 67 65 64 20 74 6f 20 70 72 6f 74 65 63 74 20 74 68	metadata.is.logged.to.protect.th
8180	65 20 6c 6f 67 20 6f 70 65 72 61 74 6f 72 20 66 72 6f 6d 20 70 6f 69 73 6f 6e 69 6e 67 2e 00 41	e.log.operator.from.poisoning..A
81a0	50 49 2e 20 20 41 20 73 69 67 6e 65 72 20 6d 75 73 74 20 70 72 6f 76 65 20 74 68 61 74 20 74 68	PI...A.signer.must.prove.that.th
81c0	65 79 20 6f 77 6e 20 61 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 61 73 20 61 6e 20 61 6e 74 69 2d	ey.own.a.domain.name.as.an.anti-
81e0	73 70 61 6d 20 6d 65 63 68 61 6e 69 73 6d 2e 00 53 69 67 6e 65 72 73 2c 20 6d 6f 6e 69 74 6f 72	spam.mechanism..Signers,.monitor
8200	73 2c 20 61 6e 64 20 77 69 74 6e 65 73 73 65 73 20 69 6e 74 65 72 61 63 74 20 77 69 74 68 20 74	s,.and.witnesses.interact.with.t
8220	68 65 20 6c 6f 67 73 20 75 73 69 6e 67 20 61 6e 20 41 53 43 49 49 20 48 54 54 50 28 53 29 00 00	he.logs.using.an.ASCII.HTTP(S)..
8240	68 65 61 64 20 69 73 20 63 6f 72 72 65 63 74 20 62 65 66 6f 72 65 20 63 6f 73 69 67 6e 69 6e 67	head.is.correct.before.cosigning
8260	2e 20 20 43 6f 72 72 65 63 74 20 72 65 66 65 72 73 20 74 6f 20 66 72 65 73 68 20 61 6e 64 20 61	...Correct.refers.to.fresh.and.a
8280	70 70 65 6e 64 2d 6f 6e 6c 79 2e 00 63 6f 6e 74 72 6f 6c 6c 69 6e 67 20 65 6e 6f 75 67 68 20 69	ppend-only..controlling.enough.i
82a0	6e 64 65 70 65 6e 64 65 6e 74 20 77 69 74 6e 65 73 73 65 73 2e 20 20 41 20 77 69 74 6e 65 73 73	ndependent.witnesses...A.witness
82c0	20 63 68 65 63 6b 73 20 74 68 61 74 20 61 20 6c 6f 67 27 73 20 74 72 65 65 00 54 68 65 20 64 69	.checks.that.a.log's.tree.The.di
82e0	66 66 69 63 75 6c 74 79 20 6f 66 20 62 79 70 61 73 73 69 6e 67 20 70 75 62 6c 69 63 20 6c 6f 67	fficulty.of.bypassing.public.log
8300	67 69 6e 67 20 69 73 20 62 61 73 65 64 20 6f 6e 20 74 68 65 20 64 69 66 66 69 63 75 6c 74 79 20	ging.is.based.on.the.difficulty.
8320	6f 66 00 73 68 75 74 20 64 6f 77 6e 20 5f 73 61 66 65 6c 79 5f 20 62 65 63 61 75 73 65 20 76 65	of.shut.down._safely_.because.ve
8340	72 69 66 69 63 61 74 69 6f 6e 20 6f 6e 20 74 68 65 20 76 65 72 69 66 69 65 72 2d 73 69 64 65 20	rification.on.the.verifier-side.
8360	69 73 20 6e 6f 74 20 69 6e 74 65 72 61 63 74 69 76 65 2e 00 53 69 67 73 75 6d 20 6c 6f 67 73 20	is.not.interactive..Sigsum.logs.
8380	61 72 65 20 73 68 61 72 64 65 64 20 61 6e 64 20 73 68 75 74 20 64 6f 77 6e 20 61 74 20 70 72 65	are.sharded.and.shut.down.at.pre
83a0	64 65 66 69 6e 65 64 20 74 69 6d 65 73 2e 20 20 41 20 73 69 67 73 75 6d 20 6c 6f 67 20 63 61 6e	defined.times...A.sigsum.log.can
83c0	00 23 23 23 20 33 2e 33 20 2d 20 53 75 6d 6d 61 72 79 00 00 61 67 61 69 6e 73 74 20 61 20 73 69	.###.3.3.-.Summary..against.a.si
83e0	67 6e 65 72 27 73 20 64 69 73 74 72 69 62 75 74 65 64 20 69 6e 66 72 61 73 74 72 75 63 74 75 72	gner's.distributed.infrastructur
8400	65 2e 20 20 41 20 6d 6f 6e 69 74 6f 72 20 6d 61 79 20 64 65 74 65 63 74 20 74 68 61 74 2e 00 73	e...A.monitor.may.detect.that..s
8420	65 72 76 65 20 70 72 6f 6f 66 73 20 6f 66 20 70 75 62 6c 69 63 20 6c 6f 67 67 69 6e 67 20 63 6f	erve.proofs.of.public.logging.co
8440	75 6c 64 20 69 6e 64 69 63 61 74 65 20 74 68 61 74 20 74 68 65 72 65 20 69 73 20 61 6e 20 6f 6e	uld.indicate.that.there.is.an.on
8460	67 6f 69 6e 67 20 61 74 74 61 63 6b 00 69 6e 20 53 65 63 74 69 6f 6e 20 33 2e 32 2e 35 2e 20 20	going.attack.in.Section.3.2.5...
8480	46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 68 65 20 66 61 63 74 20 74 68 61 74 20 61 20 64 69 73	For.example,.the.fact.that.a.dis
84a0	74 72 69 62 75 74 69 6f 6e 20 6d 65 63 68 61 6e 69 73 6d 20 64 6f 65 73 20 6e 6f 74 00 65 76 65	tribution.mechanism.does.not.eve
84c0	6e 20 69 66 20 61 20 76 65 72 69 66 69 65 72 20 66 61 69 6c 73 20 6f 70 65 6e 20 62 79 20 65 6e	n.if.a.verifier.fails.open.by.en
84e0	66 6f 72 63 69 6e 67 20 74 68 65 20 74 68 69 72 64 20 61 6e 64 20 66 6f 75 72 74 68 20 63 72 69	forcing.the.third.and.fourth.cri
8500	74 65 72 69 61 20 70 61 72 74 69 61 6c 6c 79 00 49 74 20 73 68 6f 75 6c 64 20 61 6c 73 6f 20 62	teria.partially.It.should.also.b
8520	65 20 6e 6f 74 65 64 20 74 68 61 74 20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 20 63 61 6e 20	e.noted.that.sigsum.logging.can.
8540	66 61 63 69 6c 69 74 61 74 65 20 64 65 74 65 63 74 69 6f 6e 20 6f 66 20 61 74 74 61 63 6b 73 00	facilitate.detection.of.attacks.
8560	00 6d 61 79 20 61 6c 73 6f 20 6e 65 65 64 20 74 6f 20 62 65 20 61 77 61 72 65 20 6f 66 20 68 6f	.may.also.need.to.be.aware.of.ho
8580	77 20 74 6f 20 6c 6f 63 61 74 65 20 74 68 65 20 64 61 74 61 20 74 68 61 74 20 61 20 63 68 65 63	w.to.locate.the.data.that.a.chec
85a0	6b 73 75 6d 20 72 65 70 72 65 73 65 6e 74 73 2e 00 73 70 65 63 69 66 69 63 20 69 6e 20 73 69 67	ksum.represents..specific.in.sig
85c0	73 75 6d 2e 20 20 41 74 20 6d 69 6e 69 6d 75 6d 2c 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 6c 6f	sum...At.minimum,.you.need.to.lo
85e0	63 61 74 65 20 72 65 6c 65 76 61 6e 74 20 70 75 62 6c 69 63 20 6b 65 79 73 2e 20 20 59 6f 75 00	cate.relevant.public.keys...You.
8600	74 72 61 63 6b 20 6f 66 20 77 68 61 74 20 61 70 70 65 61 72 73 20 69 6e 20 74 68 65 20 70 75 62	track.of.what.appears.in.the.pub
8620	6c 69 63 20 6c 6f 67 73 2e 20 20 4d 6f 6e 69 74 6f 72 69 6e 67 20 69 73 20 6e 65 63 65 73 73 61	lic.logs...Monitoring.is.necessa
8640	72 69 6c 79 20 75 73 65 2d 63 61 73 65 00 41 6e 20 6f 66 74 65 6e 20 6f 76 65 72 6c 6f 6f 6b 65	rily.use-case.An.often.overlooke
8660	64 20 73 74 65 70 20 69 73 20 74 68 61 74 20 74 72 61 6e 73 70 61 72 65 6e 63 79 20 6c 6f 67 67	d.step.is.that.transparency.logg
8680	69 6e 67 20 66 61 6c 6c 73 20 73 68 6f 72 74 20 69 66 20 6e 6f 2d 6f 6e 65 20 6b 65 65 70 73 00	ing.falls.short.if.no-one.keeps.
86a0	23 23 23 23 20 33 2e 32 2e 36 20 2d 20 4d 6f 6e 69 74 6f 72 69 6e 67 00 00 75 6e 6c 65 73 73 20	####.3.2.6.-.Monitoring..unless.
86c0	74 68 65 20 61 74 74 61 63 6b 65 72 20 63 6f 6e 74 72 6f 6c 73 20 6d 6f 72 65 20 74 68 61 6e 20	the.attacker.controls.more.than.
86e0	61 20 74 68 72 65 73 68 6f 6c 64 20 6f 66 20 77 69 74 6e 65 73 73 65 73 2e 00 74 72 69 63 6b 65	a.threshold.of.witnesses..tricke
8700	64 20 69 6e 74 6f 20 61 63 63 65 70 74 69 6e 67 20 73 6f 6d 65 20 64 61 74 61 20 77 68 6f 73 65	d.into.accepting.some.data.whose
8720	20 63 68 65 63 6b 73 75 6d 20 68 61 76 65 20 79 65 74 20 74 6f 20 62 65 20 70 75 62 6c 69 63 6c	.checksum.have.yet.to.be.publicl
8740	79 20 6c 6f 67 67 65 64 00 75 73 69 6e 67 20 61 20 76 61 72 69 61 6e 74 20 6f 66 20 77 69 74 6e	y.logged.using.a.variant.of.witn
8760	65 73 73 20 63 6f 73 69 67 6e 69 6e 67 2e 20 20 49 6e 20 6f 74 68 65 72 20 77 6f 72 64 73 2c 20	ess.cosigning...In.other.words,.
8780	61 20 76 65 72 69 66 69 65 72 20 63 61 6e 6e 6f 74 20 62 65 00 61 6e 20 69 6e 63 6c 75 73 69 6f	a.verifier.cannot.be.an.inclusio
87a0	6e 20 70 72 6f 6f 66 20 6c 65 61 64 73 20 75 70 20 74 6f 2e 20 20 53 69 67 73 75 6d 20 6c 6f 67	n.proof.leads.up.to...Sigsum.log
87c0	73 20 68 61 76 65 20 74 72 75 73 74 77 6f 72 74 68 79 20 74 72 65 65 20 68 65 61 64 73 20 64 75	s.have.trustworthy.tree.heads.du
87e0	65 20 74 6f 00 54 68 65 72 65 66 6f 72 65 2c 20 61 20 70 72 6f 6f 66 20 6f 66 20 70 75 62 6c 69	e.to.Therefore,.a.proof.of.publi
8800	63 20 6c 6f 67 67 69 6e 67 20 69 73 20 6f 6e 6c 79 20 61 73 20 63 6f 6e 76 69 6e 63 69 6e 67 20	c.logging.is.only.as.convincing.
8820	61 73 20 74 68 65 20 74 72 65 65 20 68 65 61 64 20 74 68 61 74 00 4e 6f 74 69 63 65 20 74 68 61	as.the.tree.head.that.Notice.tha
8840	74 20 74 68 65 72 65 20 61 72 65 20 6e 6f 20 6e 65 77 20 6f 75 74 62 6f 75 6e 64 20 6e 65 74 77	t.there.are.no.new.outbound.netw
8860	6f 72 6b 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 66 6f 72 20 61 20 76 65 72 69 66 69 65 72 2e 00	ork.connections.for.a.verifier..
8880	00 34 2e 20 54 68 65 20 70 72 6f 76 69 64 65 64 20 74 72 65 65 20 68 65 61 64 20 69 73 20 66 72	.4..The.provided.tree.head.is.fr
88a0	6f 6d 20 61 20 6b 6e 6f 77 6e 20 6c 6f 67 20 77 69 74 68 20 65 6e 6f 75 67 68 20 76 61 6c 69 64	om.a.known.log.with.enough.valid
88c0	20 63 6f 73 69 67 6e 61 74 75 72 65 73 2e 00 69 74 73 20 69 6e 63 6c 75 73 69 6f 6e 20 70 72 6f	.cosignatures..its.inclusion.pro
88e0	6f 66 2e 00 33 2e 20 54 68 65 20 70 72 6f 76 69 64 65 64 20 74 72 65 65 20 68 65 61 64 20 63 61	of..3..The.provided.tree.head.ca
8900	6e 20 62 65 20 72 65 63 6f 6e 73 74 72 75 63 74 65 64 20 66 72 6f 6d 20 74 68 65 20 6c 6f 67 67	n.be.reconstructed.from.the.logg
8920	65 64 20 6c 65 61 66 20 61 6e 64 20 00 32 2e 20 54 68 65 20 73 69 67 6e 65 72 27 73 20 73 69 67	ed.leaf.and..2..The.signer's.sig
8940	6e 65 64 20 73 74 61 74 65 6d 65 6e 74 20 69 73 20 76 61 6c 69 64 20 66 6f 72 20 74 68 65 20 73	ned.statement.is.valid.for.the.s
8960	70 65 63 69 66 69 65 64 20 70 75 62 6c 69 63 20 6b 65 79 2e 00 31 2e 20 54 68 65 20 73 69 67 6e	pecified.public.key..1..The.sign
8980	65 72 27 73 20 63 68 65 63 6b 73 75 6d 20 69 73 20 63 6f 72 72 65 63 74 20 66 6f 72 20 74 68 65	er's.checksum.is.correct.for.the
89a0	20 64 69 73 74 72 69 62 75 74 65 64 20 64 61 74 61 2e 00 41 20 76 65 72 69 66 69 65 72 20 73 68	.distributed.data..A.verifier.sh
89c0	6f 75 6c 64 20 6f 6e 6c 79 20 61 63 63 65 70 74 20 74 68 65 20 64 69 73 74 72 69 62 75 74 65 64	ould.only.accept.the.distributed
89e0	20 64 61 74 61 20 69 66 20 74 68 65 73 65 20 63 72 69 74 65 72 69 61 20 68 6f 6c 64 3a 00 23 23	.data.if.these.criteria.hold:.##
8a00	23 23 20 33 2e 32 2e 35 20 2d 20 56 65 72 69 66 69 63 61 74 69 6f 6e 00 00 61 6e 20 69 6e 63 6c	##.3.2.5.-.Verification..an.incl
8a20	75 73 69 6f 6e 20 70 72 6f 6f 66 20 74 68 61 74 20 6c 65 61 64 73 20 75 70 20 74 6f 20 61 20 63	usion.proof.that.leads.up.to.a.c
8a40	6f 73 69 67 6e 65 64 20 74 72 65 65 20 68 65 61 64 2e 00 2a 2a 50 72 6f 6f 66 3a 2a 2a 00 00 63	osigned.tree.head..**Proof:**..c
8a60	6f 6d 62 69 6e 61 74 69 6f 6e 20 6f 66 20 64 61 74 61 20 61 6e 64 20 6d 65 74 61 64 61 74 61 20	ombination.of.data.and.metadata.
8a80	63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 72 65 63 6f 6e 73 74 72 75 63 74 20 74 68 65 20 6c	can.be.used.to.reconstruct.the.l
8aa0	6f 67 67 65 64 20 6c 65 61 66 2e 00 61 20 73 69 67 6e 65 72 27 73 20 73 68 61 72 64 20 68 69 6e	ogged.leaf..a.signer's.shard.hin
8ac0	74 2c 20 73 69 67 6e 61 74 75 72 65 2c 20 61 6e 64 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6b	t,.signature,.and.verification.k
8ae0	65 79 20 68 61 73 68 2e 20 20 4e 6f 74 65 20 74 68 61 74 20 74 68 65 00 2a 2a 4d 65 74 61 64 61	ey.hash...Note.that.the.**Metada
8b00	74 61 3a 2a 2a 00 00 74 68 65 20 73 69 67 6e 65 72 27 73 20 64 61 74 61 2e 20 20 49 74 20 63 61	ta:**..the.signer's.data...It.ca
8b20	6e 20 62 65 20 75 73 65 64 20 74 6f 20 72 65 70 72 6f 64 75 63 65 20 61 20 6c 6f 67 67 65 64 20	n.be.used.to.reproduce.a.logged.
8b40	63 68 65 63 6b 73 75 6d 2e 00 2a 2a 44 61 74 61 3a 2a 2a 00 00 74 68 65 20 64 61 74 61 2e 20 20	checksum..**Data:**..the.data...
8b60	46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 6f 6e 20 61 20 77 65 62 73 69 74 65 2c 20 69 6e 20 61 20	For.example,.on.a.website,.in.a.
8b80	67 69 74 20 72 65 70 6f 73 69 74 6f 72 79 2c 20 65 74 63 2e 00 73 74 61 72 74 2e 20 20 44 69 73	git.repository,.etc..start...Dis
8ba0	74 72 69 62 75 74 69 6f 6e 20 68 61 70 70 65 6e 73 20 75 73 69 6e 67 20 74 68 65 20 73 61 6d 65	tribution.happens.using.the.same
8bc0	20 6d 65 63 68 61 6e 69 73 6d 20 74 68 61 74 20 69 73 20 6e 6f 72 6d 61 6c 6c 79 20 75 73 65 64	.mechanism.that.is.normally.used
8be0	20 66 6f 72 00 41 66 74 65 72 20 61 20 73 69 67 6e 65 72 20 63 6f 6c 6c 65 63 74 65 64 20 70 72	.for.After.a.signer.collected.pr
8c00	6f 6f 66 73 20 6f 66 20 70 75 62 6c 69 63 20 6c 6f 67 67 69 6e 67 20 74 68 65 20 64 69 73 74 72	oofs.of.public.logging.the.distr
8c20	69 62 75 74 69 6f 6e 20 70 68 61 73 65 20 63 61 6e 00 23 23 23 23 20 33 2e 32 2e 34 20 2d 20 44	ibution.phase.can.####.3.2.4.-.D
8c40	69 73 74 72 69 62 75 74 69 6f 6e 00 00 55 73 65 2d 63 61 73 65 73 20 6c 69 6b 65 20 69 6e 73 74	istribution..Use-cases.like.inst
8c60	61 6e 74 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 73 75 61 6e 63 65 20 61 72 65 20 6e 6f 74	ant.certificate.issuance.are.not
8c80	20 73 75 70 70 6f 72 74 65 64 20 62 79 20 64 65 73 69 67 6e 2e 00 00 09 5b 47 34 5c 5d 5d 28 68	.supported.by.design....[G4\]](h
8ca0	74 74 70 73 3a 2f 2f 64 6f 63 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 64 6f 63 75 6d 65 6e 74 2f	ttps://docs.google.com/document/
8cc0	64 2f 31 36 47 2d 51 37 69 4e 33 6b 42 34 36 47 53 57 35 62 2d 73 66 48 35 4d 4f 33 6e 4b 53 59	d/16G-Q7iN3kB46GSW5b-sfH5MO3nKSY
8ce0	79 45 62 37 37 59 73 4d 37 54 4d 5a 47 45 2f 65 64 69 74 29 2e 00 09 5b 47 33 2c 5d 28 68 74 74	yEb77YsM7TMZGE/edit)...[G3,](htt
8d00	70 73 3a 2f 2f 70 65 74 73 79 6d 70 6f 73 69 75 6d 2e 6f 72 67 2f 32 30 32 31 2f 66 69 6c 65 73	ps://petsymposium.org/2021/files
8d20	2f 70 61 70 65 72 73 2f 69 73 73 75 65 32 2f 70 6f 70 65 74 73 2d 32 30 32 31 2d 30 30 32 34 2e	/papers/issue2/popets-2021-0024.
8d40	70 64 66 29 00 09 5b 47 32 2c 5d 28 68 74 74 70 73 3a 2f 2f 64 61 74 61 74 72 61 63 6b 65 72 2e	pdf)..[G2,](https://datatracker.
8d60	69 65 74 66 2e 6f 72 67 2f 64 6f 63 2f 68 74 6d 6c 2f 64 72 61 66 74 2d 69 65 74 66 2d 74 72 61	ietf.org/doc/html/draft-ietf-tra
8d80	6e 73 2d 67 6f 73 73 69 70 2d 30 35 29 00 09 5b 5c 5b 47 31 2c 5d 28 68 74 74 70 73 3a 2f 2f 69	ns-gossip-05)..[\[G1,](https://i
8da0	65 65 65 78 70 6c 6f 72 65 2e 69 65 65 65 2e 6f 72 67 2f 73 74 61 6d 70 2f 73 74 61 6d 70 2e 6a	eeexplore.ieee.org/stamp/stamp.j
8dc0	73 70 3f 61 72 6e 75 6d 62 65 72 3d 37 33 34 36 38 35 33 29 00 6e 65 65 64 20 66 6f 72 20 72 65	sp?arnumber=7346853).need.for.re
8de0	61 63 74 69 76 65 20 67 6f 73 73 69 70 2d 61 75 64 69 74 20 70 72 6f 74 6f 63 6f 6c 73 00 54 68	active.gossip-audit.protocols.Th
8e00	65 20 61 64 64 65 64 20 6c 61 74 65 6e 63 79 20 69 73 20 61 20 74 72 61 64 65 2d 6f 66 66 20 74	e.added.latency.is.a.trade-off.t
8e20	68 61 74 20 73 69 6d 70 6c 69 66 69 65 73 20 73 69 67 73 75 6d 20 6c 6f 67 67 69 6e 67 20 62 79	hat.simplifies.sigsum.logging.by
8e40	20 72 65 6d 6f 76 69 6e 67 20 74 68 65 00 49 74 20 74 61 6b 65 73 20 66 69 76 65 20 74 6f 20 74	.removing.the.It.takes.five.to.t
8e60	65 6e 20 6d 69 6e 75 74 65 73 20 62 65 66 6f 72 65 20 61 20 73 69 67 6e 65 72 27 73 20 64 69 73	en.minutes.before.a.signer's.dis
8e80	74 72 69 62 75 74 69 6f 6e 20 70 68 61 73 65 20 63 61 6e 20 73 74 61 72 74 2e 00 00 74 6f 20 74	tribution.phase.can.start...to.t
8ea0	68 65 20 6c 6f 67 73 20 73 6f 20 74 68 61 74 20 73 69 67 6e 65 72 73 20 63 61 6e 20 65 61 73 69	he.logs.so.that.signers.can.easi
8ec0	6c 79 20 66 65 74 63 68 20 74 68 65 20 66 69 6e 61 6c 69 7a 65 64 20 63 6f 73 69 67 6e 65 64 20	ly.fetch.the.finalized.cosigned.
8ee0	74 72 65 65 20 68 65 61 64 73 2e 00 61 70 70 65 6e 64 2d 6f 6e 6c 79 20 62 65 66 6f 72 65 20 64	tree.heads..append-only.before.d
8f00	6f 69 6e 67 20 61 20 63 6f 73 69 67 6e 61 74 75 72 65 20 6f 70 65 72 61 74 69 6f 6e 2e 20 20 43	oing.a.cosignature.operation...C
8f20	6f 73 69 67 6e 61 74 75 72 65 73 20 61 72 65 20 70 6f 73 74 65 64 20 62 61 63 6b 00 6c 6f 67 73	osignatures.are.posted.back.logs
8f40	20 66 6f 72 20 73 6f 2d 63 61 6c 6c 65 64 20 5f 74 6f 2d 73 69 67 6e 5f 20 74 72 65 65 20 68 65	.for.so-called._to-sign_.tree.he
8f60	61 64 73 2c 20 76 65 72 69 66 79 69 6e 67 20 74 68 61 74 20 74 68 65 79 20 61 72 65 20 66 72 65	ads,.verifying.that.they.are.fre
8f80	73 68 20 61 6e 64 00 53 69 67 73 75 6d 20 6c 6f 67 73 20 66 72 65 65 7a 65 20 61 20 74 72 65 65	sh.and.Sigsum.logs.freeze.a.tree
8fa0	20 68 65 61 64 20 65 76 65 72 79 20 66 69 76 65 20 6d 69 6e 75 74 65 73 2e 20 20 43 6f 73 69 67	.head.every.five.minutes...Cosig
8fc0	6e 69 6e 67 20 77 69 74 6e 65 73 73 65 73 20 70 6f 6c 6c 20 74 68 65 00 23 23 23 23 20 33 2e 32	ning.witnesses.poll.the.####.3.2
8fe0	2e 33 20 2d 20 57 61 69 74 20 66 6f 72 20 77 69 74 6e 65 73 73 20 63 6f 73 69 67 6e 69 6e 67 00	.3.-.Wait.for.witness.cosigning.