Document attack vectors for permanent denial-of-service
Document all the permanent DoS vectors we're aware of. Of the top of my head I can only name one:
- Compromise the log operator's key
- Create a split view for each witness you want to DoS (or rather each trust policy you want to DoS)
- Witnesses can no longer agree on the log's state. The attacker wins.
So even though the log operator isn't trusted by the trust policy to define the state of the log, it is trusted by the witnesses to define the next consistent log state.