On 8 August 2015 at 12:25, Bryan Ford <[email protected]> wrote: > [Many good things]
Okay. If I simplify unfairly I think I agree with many of the root points of your email. 1) Yes, more logs plus even a weeks worth of STHs probably affords too much ability for tracking. Releasing a STH will have some sort of probability attached to it, but again 'statistics'[0]. I've open a ticket to make sure we don't lose this. 2) Yes, a multi-signer log is more resistant to attack than a single-signer log. I would note there's nothing that would stop someone from running a multi-signer log using distributed signing; and if you can work out the practicalities, your log would probably be seen as one of the more trustworthy ones. I'm doubtful of the likelihood of converting existing logs into this model, but since CT can evolve over time, and logs can be removed/added, there's no reason it can't be a long-term goal. -tom [0] I think there will be a revival (or at least a re-visit) of the research done for pooling strategies in remailers. There was a paper that summed up all the different pooling strategies. Don't remember the name, but I know it's on http://www.freehaven.net/anonbib/ _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
