4.3 Security Properties

Though the ZTT allows an equivocating server to be detected, we rely on the user to validate device additions. Users might be offline or might be ignoring notifications and therefore compromises might not be detected, or only detected after an attack. The ZTT requires external auditors to provide security guarantees. If the auditors are not honest, or have poor uptime, this can limit the ability to detect server misconduct. We can mitigate this risk by relying on multiple auditors or implement partial auditing by clients.