On 27. Jul 2024, at 20:48, Michael Richardson <[email protected]> wrote:
> 
> 
> Brendan Moran <[email protected]> wrote:
>> The issue isn't how long the report can survive, the issue is whether
>> an attacker can forge arbitrary reports. The situation as it stands, as
>> far as I know, is:
> 
> Assume that the report is issued, and within a few minutes to hours, is
> verified, and then added to an append-only log.

Right.  So the evidentiary value of the original report is preserved by the 
signature in the log.
(Obviously, this is worth only as much as an ultimate relying party would trust 
the log not to accept an antedated fake report signature.)
Beyond one or more logs with its potential logging of the evidentiary value of 
a whole signature chain, any number of timestamp tokens or other 
evidentiary-value preserving signatures can be collected near the time of the 
report as well.

* This mitigates having to trust the log/timestamp service, as the effort to
set up collusion between all of them can be made quite high.
* This limits the need for a long lifetime of the device’s signature
key/mechanism, as the long-term evidentiary value will be in the logs.

Obviously, the log entries/timestamps will need to be stacked up periodically 
to retain evidentiary value over time, in particular as algorithms used in the 
earlier ones move towards becoming deprecated.

Regards, Carsten
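
The periodic stacking of log entries/timestamps described in the message above, as an added sketch that is not part of the original message: each new layer commits to the report plus all earlier tokens, and verification fails if a layer was not covered before its algorithm stopped being trusted. `ToyTimestamper`, the HMAC stand-in for a real service signature, and all names, keys, times and algorithm end dates are assumptions constructed for the demonstration.

```python
import hashlib, hmac, json

class ToyTimestamper:
    """Stand-in for a log/timestamp service. HMAC replaces a real signature
    (assumption for the demo); names, keys and times are constructed."""
    def __init__(self, name, key, alg):
        self.name, self.key, self.alg = name, key, alg

    def _mac(self, digest, time):
        msg = f"{self.name}|{digest}|{time}".encode()
        return hmac.new(self.key, msg, self.alg).hexdigest()

    def stamp(self, data, time):
        digest = hashlib.new(self.alg, data).hexdigest()
        return {"tsa": self.name, "alg": self.alg, "digest": digest,
                "time": time, "mac": self._mac(digest, time)}

    def check(self, token, data):
        digest = hashlib.new(self.alg, data).hexdigest()
        return (token["alg"] == self.alg and token["digest"] == digest and
                hmac.compare_digest(token["mac"], self._mac(digest, token["time"])))

def covered(report, chain):
    # Bytes a new layer commits to: the report plus every earlier token.
    return report + json.dumps(chain, sort_keys=True).encode()

def renew(report, chain, tsa, time):
    """Stack one more token on top of the existing ones."""
    return chain + [tsa.stamp(covered(report, chain), time)]

def proven_time(report, chain, services, sound_until, now):
    """Earliest time the report provably existed, or None.
    sound_until[alg] is the last time alg was considered sound: each layer
    must be covered by the next layer (or checked now) before that."""
    for i, token in enumerate(chain):
        tsa = services.get(token["tsa"])
        if tsa is None or not tsa.check(token, covered(report, chain[:i])):
            return None
        next_time = chain[i + 1]["time"] if i + 1 < len(chain) else now
        if next_time < token["time"] or next_time > sound_until[token["alg"]]:
            return None
    return chain[0]["time"] if chain else None

# Constructed scenario: SHA-1 stops being trusted at t=2000, SHA-256 at t=9000.
OLD = ToyTimestamper("tsa-old", b"constructed-key-1", "sha1")
NEW = ToyTimestamper("tsa-new", b"constructed-key-2", "sha256")
SERVICES = {"tsa-old": OLD, "tsa-new": NEW}
SOUND_UNTIL = {"sha1": 2000, "sha256": 9000}
REPORT = b"constructed attestation report"
```

Stamping `REPORT` with `OLD` at t=1000 and renewing with `NEW` at t=1500 still proves t=1000 when checked at t=3000; the same first token alone, or one renewed only at t=2500, proves nothing by then.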

_______________________________________________
COSE mailing list -- [email protected]