heeckhau
2025-03-27 15:16:42 +00:00
parent 655115e8cb
commit d747a2b30c
4 changed files with 10 additions and 2 deletions


@@ -173,6 +173,7 @@
<li><a href="#faq12">How do I troubleshoot connection issues?</a></li>
<li><a href="#faq13">Does TLSNotary Solve the Oracle Problem?</a></li>
<li><a href="#faq14">What is a presentation in TLSNotary?</a></li>
<li><a href="#faq15">Why does TLSNotary need an online Verifier? Can't this be done serverlessly in the browser with Zero Knowledge?</a></li>
</ul>
<h3 id="faq1"><a class="header" href="#faq1">Doesn't TLS allow a third party to verify data authenticity?</a></h3>
<p>No, it does not. TLS is designed to guarantee the authenticity of data <strong>only to the participants</strong> of the TLS connection. TLS does not have a mechanism to enable the server to "sign" the data.</p>
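Review bot: The new table-of-contents entry for #faq15 writes "Zero Knowledge" capitalized and unhyphenated, while the answer added later in this commit uses "Zero-knowledge (ZK)"; pick one form and use it in both the link label and the heading. The label also packs two questions into one entry and is much longer than its siblings, so consider keeping only the first question in the list and leaving the second for the answer text.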
@@ -229,6 +230,9 @@ There are no immediate plans to support TLS 1.3. Once the web starts to transiti
<h3 id="faq14"><a class="header" href="#faq14">What is a presentation in TLSNotary?</a></h3>
<p>In TLSNotary, a <strong>presentation</strong> refers to data shared by the Prover to selectively reveal specific parts of the TLS data committed to earlier during the attestation phase. By using these earlier commitments, the Prover can choose to disclose only particular segments of the TLS data while keeping other parts hidden or redacted. This enables a flexible and controlled way to share proofs, ensuring that sensitive information remains private.</p>
<p>The term “presentation” is inspired by similar terminology in the <a href="https://www.w3.org/TR/vc-data-model/#dfn-verifiable-presentations">W3C Verifiable Credentials standard</a>.</p>
<h3 id="faq15"><a class="header" href="#faq15">Why does TLSNotary need an online Verifier? Can't this be done serverlessly in the browser with Zero Knowledge?</a></h3>
<p>TLSNotary uses a multi-party computation (MPC) approach to secure the TLS session. Without MPC, the Prover would have full control over the TLS session keys and could forge the Servers responses. Zero-knowledge (ZK) proofs alone cannot prevent this. To prevent forged responses, the Verifier participates in the handshake, splitting the TLS session keys between the Prover and the Verifier.</p>
<p>In proxy-based designs only ZK proofs are needed. In such designs the verifier proxies the connection with the server, observes the encrypted traffic, and later verifies a ZK proof from the Prover that the plaintext matches the encrypted data. TLSNotarys direct connection model avoids introducing a network assumption and provides stronger resistance to censorship compared to the proxy approach.</p>
</main>
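Review bot: Two possessives in the new #faq15 answer are missing their apostrophes: "forge the Servers responses" should read "forge the Server's responses", and "TLSNotarys direct connection model" should read "TLSNotary's direct connection model". In the second paragraph "the verifier proxies the connection" is lowercase while every other mention of the role is "Verifier"; capitalize it so the role names stay consistent. The heading asks whether this can be done serverlessly in the browser, but neither paragraph says so in as many words; a closing sentence that answers the question directly would help a reader who skims.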


@@ -243,6 +243,7 @@ With TLSNotary, Alice can selectively prove the authenticity of arbitrary portio
<li><a href="faq.html#faq12">How do I troubleshoot connection issues?</a></li>
<li><a href="faq.html#faq13">Does TLSNotary Solve the Oracle Problem?</a></li>
<li><a href="faq.html#faq14">What is a presentation in TLSNotary?</a></li>
<li><a href="faq.html#faq15">Why does TLSNotary need an online Verifier? Can't this be done serverlessly in the browser with Zero Knowledge?</a></li>
</ul>
<h3 id="faq1"><a class="header" href="#faq1">Doesn't TLS allow a third party to verify data authenticity?</a></h3>
<p>No, it does not. TLS is designed to guarantee the authenticity of data <strong>only to the participants</strong> of the TLS connection. TLS does not have a mechanism to enable the server to "sign" the data.</p>
@@ -299,6 +300,9 @@ There are no immediate plans to support TLS 1.3. Once the web starts to transiti
<h3 id="faq14"><a class="header" href="#faq14">What is a presentation in TLSNotary?</a></h3>
<p>In TLSNotary, a <strong>presentation</strong> refers to data shared by the Prover to selectively reveal specific parts of the TLS data committed to earlier during the attestation phase. By using these earlier commitments, the Prover can choose to disclose only particular segments of the TLS data while keeping other parts hidden or redacted. This enables a flexible and controlled way to share proofs, ensuring that sensitive information remains private.</p>
<p>The term “presentation” is inspired by similar terminology in the <a href="https://www.w3.org/TR/vc-data-model/#dfn-verifiable-presentations">W3C Verifiable Credentials standard</a>.</p>
<h3 id="faq15"><a class="header" href="#faq15">Why does TLSNotary need an online Verifier? Can't this be done serverlessly in the browser with Zero Knowledge?</a></h3>
<p>TLSNotary uses a multi-party computation (MPC) approach to secure the TLS session. Without MPC, the Prover would have full control over the TLS session keys and could forge the Servers responses. Zero-knowledge (ZK) proofs alone cannot prevent this. To prevent forged responses, the Verifier participates in the handshake, splitting the TLS session keys between the Prover and the Verifier.</p>
<p>In proxy-based designs only ZK proofs are needed. In such designs the verifier proxies the connection with the server, observes the encrypted traffic, and later verifies a ZK proof from the Prover that the plaintext matches the encrypted data. TLSNotarys direct connection model avoids introducing a network assumption and provides stronger resistance to censorship compared to the proxy approach.</p>
<div style="break-before: page; page-break-before: always;"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.16.4/dist/katex.min.css">
<h1 id="quick-start"><a class="header" href="#quick-start">Quick Start</a></h1>
<p>This quick start will help you get started with TLSNotary, both in native Rust and in the Browser.</p>
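Review bot: The last sentence of the new #faq15 answer says the direct connection model "avoids introducing a network assumption" without saying which assumption the proxy design relies on; name it in a clause so readers can weigh the trade-off against the cost of running an online Verifier. The same holds for "stronger resistance to censorship", which is asserted without saying who could censor what in the proxy setup. This file repeats the two paragraphs from the first file word for word, including "Servers responses" and "TLSNotarys", so any wording fix has to land in both copies.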

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long