- From: Erik Taubeneck via GitHub <sysbot+gh@w3.org>
- Date: Fri, 21 Oct 2022 20:38:19 +0000
- To: public-patcg@w3.org
> This still provides strictly more security than giving all the data to the semi-trusted party. One of my working assumptions is that because this is an "open" API, we generally need to assume that report collectors are entirely untrusted, and we should defend against assume collusion with at least one helper party, which is how I arrived at the assumption that a single coordinator is insufficient. I agree that it is strictly more secure than a single semi-trusted party, but it seems to be very marginally so. I would also say that with multiple coordinators, we are much more aligned in the threat model between the MPC and TEE instantiations, and the difference is almost entirely concentrated on the hardware vs crypto-software dimension. This seems like it would help minimize the layering we're attempting to do here. I know you don't feel too strongly on this point, but I do think it's valuable to make an intentional decision on this point. -- GitHub Notification of comment by eriktaubeneck Please view or discuss this issue at https://github.com/patcg/docs-and-reports/issues/23#issuecomment-1287414653 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 21 October 2022 20:38:20 UTC