Diffstat (limited to 'docs/design.md')
-rw-r--r-- docs/design.md 16
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/design.md b/docs/design.md
index 83f2b59..2e21f12 100644
--- a/docs/design.md
+++ b/docs/design.md
@@ -98,3 +98,19 @@ can do is replay or block integrity-protected files that a system generated.
"Replays" can happen either way because the monitor polls periodically, i.e.,
the monitor needs to account for the fact that it may poll the same file twice.
Blocking can not be solved by cryptography and would simply result in alerts.
+
+## Related work
+
+The commercial version of `certspotter` supports a push-based method for
+[authorizing][] legitimately issued certificates. The monitor does its
+authentication using HTTP tokens. In contrast, the silentct design is:
+
+ 1. Safe against attackers that MitM the communication to the monitor, i.e.,
+ message authentication codes are used instead of HTTP access tokens.
+ 2. Applicable in asynchronous workflows, i.e., the monitor does not need to
+ always be online and listen for allowlist requests on a public address.
+
+The initial authors of silentct were not aware of Andrew Ayer's related work
+before [this thread](https://follow.agwa.name/notice/AmyLDdYcAqF2p5sG24).
+
+[authorizing]: https://sslmate.com/help/reference/certspotter_authorization_api
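Review bot: item 1 of the new list says the design is "Safe against attackers that MitM the communication to the monitor", which is broader than the unchanged paragraph directly above the addition, where such an attacker can still replay or block integrity-protected files. Suggest narrowing the claim to what the message authentication codes provide, for example "an attacker that MitMs the communication to the monitor cannot forge or modify allowlist requests", and replacing "i.e." with "because", since the second half is the reason rather than a restatement. It would also help to say in one clause why an HTTP access token is weaker under that attacker, so the contrast does not rest on the reader's assumptions about how the token is transported. Separately, "The monitor does its authentication using HTTP tokens" can be read as referring to the silentct monitor; "The certspotter monitor" would remove the ambiguity. The last paragraph relies on an external thread link for context, so a one-sentence summary of what the thread established would keep the section useful if the link stops resolving.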