Well, these are logs. So: - Is it necessary to require that log items can't be modified after they have been created? (Or is that implied by the cryptography being used.) How about deleted?
- Is is perhaps a good idea to require a certain minimum accuracy (or other characteristics, timestamps only increase) for it's clock? - Maybe you should consider what will happen if/when an important log stops to be available at some point in the future. Will anything break? - And I already mentioned it, but availability of 99% is not as good as it sounds. It means three and a half days down in a year is allowed. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
