We are happy to announce the first release of the sigsum log server
software and Ansible role collection! This means that the project is
ready for wider deployment, and that we are committed to provide
well-documented upgrade paths when releasing future versions.
For background, recall that Sigsum makes signed checksums transparent.
This makes it possible to detect malicious and unintended key-usage.
The ansible role collection aims to make it easy for organizations to
host sigsum logs on their own infrastructure, including setup of mariadb
and data replication between a log instance's primary and secondary
nodes. The v1.0.0 Ansible release makes use of the following versions:
- log-go v0.9.0
- sigsum-go v0.1.23
- Trillian v1.5.1
For more information relating to the log server architecture and how to
get started with our ansible collection, see:
We recommend to also take a look at the Sigsum roadmap:
Of note is that the sigsum protocol is still at version 0. While we are
not expecting any major changes at this point, an upcoming release will
extend the log software with a witness cosigning protocol that is still
in-progress. Change logs and the information necessary to perform
upgrades will be provided from here on. However, it is not recommended
for end-users to fail-close on sigsum logging before protocol version 1.
Please report issues and request support on our GitLab issue tracker.
We are also available on irc.oftc.net and Matrix in room #sigsum.
More informasion can also be found on our webpage:
The Sigsum team
this is a question that I hope is convered in the literature on
transparency logs, but what meaning do we assign to a single, isolated,
If we have a *sequence* of cosigned tree heads (signed by a particular
witness, ordered by increasing tree size), then each cosignature says that
all tree leafs in previous cosigned trees are present in later
trees. But a sigsum client only sees a single cosigned tree head, not
the sequence. In particular, consider the case of the first cosignature
of a particular witness, with no history.
So what exactly does that signature mean?
I suspect there are maybe some underlying assumptions or policys that
should be spelled out somewhere.
Is this an reasonably accurate description? When I see a leaf node
accompanied by a cosigned treehead and an inclusion proof leading up to
that head, then I expect that the witness will raise some alarm if,
sometime in the future, the log attempts to publish a tree head where
the leaf no longer is present?
In this case, a single cosignature doesn't make any claim about the
state of the log, it just states that the witness has observed this
state, and hence that the witness has the information needed to detect
future inconsistencies. More concisely: An isolated cosignature
(without history) does not make a claim about the state of the log, it
makes a claim about the state of the witness.
Does that make sense?