Trust model
Who you have to trust when you use OpenVet, and what each party can and cannot do.
TODO: write me. Suggested outline:
- The actors: audit author, log operator, registry, consumer.
- What each can do, and what they cannot do without being detected (this is the crux of the design).
- Why “consumers pin a log head” gives you the property you want without trusting the operator.
- Key compromise: what happens, what the recovery path is.
- Comparison to “you have to trust the registry” models.