Fwd: the new 2014 Add-Only Sets

James A. Donald jamesd at echeque.com
Wed Nov 13 02:33:18 PST 2013


> Okay, that's it! I think Design "2" is a good one. It has good
> security against rollback or selection attacks by malicious servers
> (assuming some kind of whitelisting of servers! Which is ticket #467
> and is not yet implemented.) And, it doesn't go too far over the top
> in terms of complexity; it seems more intuitive to me than (my vague
> memories of) previous attempts to design add-only sets for LAFS.

A malicious adder who controlled a server, or communications with
the server, could make up a fictitious history, so that one reader sees
one history, and another reader sees a different history.

So I don't see that this differs substantially from complete write 
authority.


What one would like is that many people could add, but only a few 
people, or no people, could delete or change, in order that history 
cannot be rewritten, and that every reader will see the same history, 
rather than history being adjusted to be different for different readers.

There was a proposal to do something like this to protect against man in 
the middle attacks by CAs.

The proposal was to use append only files to construct a global map from 
strings to data associated with those strings, such that everyone was 
guaranteed to see the same map, and the same map history - though it is 
not clear to me that append only files are sufficient to accomplish that 
goal.  The map would be used to relate domain names to certificates, 
guaranteeing that everyone, including the rightful owner of the domain, 
saw the same certificate.

I do not recall how they proposed to implement append only files, nor 
the global and same for everyone map.
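
The following is an added example, not part of the original message and not the method of the proposal it mentions: one way readers could detect being shown different histories is to hash-chain the entries and compare (length, head) pairs over a channel the server does not control. The names GENESIS, chain_head, heads and check_peer and the sample entries are constructed for illustration, and the sketch assumes such a reader-to-reader channel exists; it detects a fork, it does not prevent one.

```python
import hashlib

GENESIS = b"\x00" * 32  # constructed starting value for the chain


def chain_head(entries, start=GENESIS):
    """Fold entries into a running hash; the head commits to the whole history."""
    head = start
    for entry in entries:
        # Both inputs are fixed-length digests, so the concatenation is unambiguous.
        head = hashlib.sha256(head + hashlib.sha256(entry).digest()).digest()
    return head


def heads(entries):
    """Return the head after each prefix: heads(e)[n] commits to the first n entries."""
    out = [GENESIS]
    for entry in entries:
        out.append(chain_head([entry], out[-1]))
    return out


def check_peer(my_entries, peer_len, peer_head):
    """Compare another reader's (length, head) claim with our own view of the set."""
    if peer_len > len(my_entries):
        return "peer-ahead"  # the peer has to run this check against our head instead
    if heads(my_entries)[peer_len] != peer_head:
        return "forked"      # same position, different history: the views diverge
    return "same" if peer_len == len(my_entries) else "peer-behind"


# Constructed sample: the history one reader was served, and a different
# history served to a second reader for the same set.
VIEW_A = [b"add:alice", b"add:bob", b"add:carol"]
VIEW_B = [b"add:alice", b"add:mallory", b"add:carol"]

if __name__ == "__main__":
    print(check_peer(VIEW_A, len(VIEW_B), chain_head(VIEW_B)))   # forked
    print(check_peer(VIEW_A, 2, heads(VIEW_A)[2]))               # peer-behind
```
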


