Hi everyone,

Today we are launching Sigsum, a free and open source software project that revolves around transparency logs and their applications.

While most other logging efforts focus on concrete data structures like TLS certificates, sigsum logs are meant to be general building blocks that support signed checksums and minimally required metadata. It is up to the signer to determine what a checksum should represent.

For example, Mozilla's take on Binary Transparency [1] fits into the intended use of sigsum logging. By avoiding the Certificate Transparency design, complexity can be reduced. Sigsum logging has no SCTs, complicated ASN.1 parsers, or reactive gossip-audit protocols.

Minimalism, distributed trust, and centralized log operations make up our key pillars. These characteristics keep the attack surface small. They also simplify usage, operations, and verification of sigsum logs.

To learn more about sigsum logging, please refer to our design and API documentation [2, 3]. There is also a public prototype available [4].

Would you like to be part of the conversation? We have open Jitsi meetings on Tuesdays at 11:00 UTC. Meeting minutes and linked pads are persisted in our archive for transparency and future reference [5].

Asynchronous interactions take place on IRC, Matrix, and email.

Website: https://www.sigsum.org/ Source: https://git.sigsum.org/ Pads: https://pad.sigsum.org/

Email: https://lists.sigsum.org/ IRC: #sigsum @ OFTC.net Matrix: #sigsum:matrix.org Jitsi: https://meet.sigsum.org/

About Sigsum --- Sigsum started out as one part of the System Transparency project [6].

Early drafts of the public log element can be traced back to 2019 [7]. More focused design iterations started in October, 2020 [8]. Mature drafts of what is now sigsum logging was presented in Q2 of 2021 [9-11].

Links --- 1: https://wiki.mozilla.org/Security/Binary_Transparency 2: https://git.sigsum.org/sigsum/tree/doc/design.md 3: https://git.sigsum.org/sigsum/tree/doc/api.md 4: https://git.sigsum.org/sigsum-log-go/tree/README.md 5: https://git.sigsum.org/sigsum/tree/archive 6: https://git.sigsum.org/sigsum/tree/doc/history.md 7: https://mullvad.net/blog/2019/6/3/system-transparency-future/ 8: https://github.com/system-transparency/stfe/commit/40250377da81864e9e502b803... 9: https://web.archive.org/web/20210427203606/https://hopin.com/events/padsec 10: https://web.archive.org/web/20210603112144/https://swits.hotell.kau.se/Annua... 11: https://web.archive.org/web/20210923134324/https://swits.hotell.kau.se/Annua...