Fwd: the new 2014 Add-Only Sets
James A. Donald
jamesd at echeque.com
Wed Nov 13 02:33:18 PST 2013
> Okay, that's it! I think Design "2" is a good one. It has good
> security against rollback or selection attacks by malicious servers
> (assuming some kind of whitelisting of servers! Which is ticket #467
> and is not yet implemented.) And, it doesn't go too far over the top
> in terms of complexity; it seems more intuitive to me than (my vague
> memories of) previous attempts to design add-only sets for LAFS.

A malicious adder, who controlled a server or communications with
the server, could make up a fictitious history, so that one reader sees
one history, and another reader sees a different history.

So I don't see that this differs substantially from complete write
authority.

What one would like is that many people could add, but only a few
people, or no people, could delete or change, in order that history
cannot be rewritten, and that every reader will see the same history,
rather than history being adjusted to be different for different readers.

There was a proposal to do something like this to protect against man in
the middle attacks by CAs.

The proposal was to use append only files to construct a global map from
strings to data associated with those strings, such that everyone was
guaranteed to see the same map, and the same map history - though it is
not clear to me that append only files are sufficient to accomplish that
goal. The map would be used to relate domain names to certificates,
guaranteeing that everyone, including the rightful owner of the domain,
saw the same certificate.

I do not recall how they proposed to implement append only files, nor
the global and same for everyone map.

More information about the cypherpunks mailing list
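
The split-view concern raised in the message above, as an added example that is not part of the original post or of any LAFS code: each reader checks that what the server shows only ever extends what that reader saw before, yet two readers can still be given different histories, and the difference shows up only when they compare heads. The hash chain, the `Reader` class, `same_history` and the sample entries are all assumptions made for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32

def link(prev_head, entry):
    """Next chain head: SHA-256 over previous head, entry length, entry."""
    return hashlib.sha256(prev_head + len(entry).to_bytes(4, "big") + entry).digest()

class Reader:
    """Keeps the chain head after every entry it has accepted so far."""
    def __init__(self):
        self.heads = [GENESIS]

    def update(self, entries):
        """Accept the server's full entry list only if it extends what was seen."""
        seen = len(self.heads) - 1
        if len(entries) < seen:
            return False                      # rollback: entries disappeared
        head, new_heads = GENESIS, []
        for i, entry in enumerate(entries, 1):
            head = link(head, entry)
            if i <= seen and head != self.heads[i]:
                return False                  # rewrite of already-seen history
            if i > seen:
                new_heads.append(head)
        self.heads.extend(new_heads)
        return True

def same_history(a, b):
    """Readers compare heads at the longest length both have seen."""
    n = min(len(a.heads), len(b.heads)) - 1
    return a.heads[n] == b.heads[n]

# Constructed sample data: one shared entry, then a different second entry per reader.
COMMON = [b"add: example.org -> cert-1"]
FORK_A = COMMON + [b"add: example.net -> cert-A"]
FORK_B = COMMON + [b"add: example.net -> cert-B"]

if __name__ == "__main__":
    alice, bob = Reader(), Reader()
    print(alice.update(COMMON), bob.update(COMMON), same_history(alice, bob))
    print(alice.update(FORK_A), bob.update(FORK_B))   # each view is self-consistent
    print(same_history(alice, bob))                    # fork shows only on comparison
    print(alice.update(FORK_B))                        # rewrite shown to alice is rejected
```

Per-reader append-only checking catches rollback and rewriting for that reader, but agreement between readers needs an out-of-band comparison of heads.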