On Oct 19, 2016, at 11:41 PM, Tom Ritter <[email protected]> wrote:
> 
> On 19 October 2016 at 15:31, Kurt Roeckx <[email protected]> wrote:
>> On Wed, Oct 19, 2016 at 02:33:30PM -0500, Tom Ritter wrote:
>>> Actions for an auditor to take is a good thing to try and document
>>> somewhere. We _could_ put it into Gossip, but it seems like a separate
>>> draft to me.  Off the top of my head I think the main things it would
>>> be checking are:
>>> - Has the log always issued a STH within the MMD
>> 
>> I didn't look up what the real definition of the MMD is, but what
>> I expect is that the time from the SCT being generated until that
>> STH being visible is important, not the time the STH is generated.
>> 
>> For instance I only see Digicert's STHs 12 hour later. With Google
>> it depends on the log, for Pilot and Aviator it averages around 25
>> minutes, for Rocketeer around 100 minutes.
> 
> Yes, you're right. It's time to get data included (merged) into the
> tree after a promise (SCT) had been made.
> 
> I was thinking about it in terms of "Has the log not issued at least
> one STH in an X-hour period" which is related to MMD, but not the
> exact same.

This is an important distinction.  For example, during the period where
Google’s Aviator log exceeded its MMD, it was still happily signing its
tree so new STHs were being produced … but it had got behind with
assigning unique sequence numbers to recently submitted certs, so
those certs were not present in the trees that had been signed, and
therefore were not reflected by the corresponding STHs. Eventually
sequencing caught up and the full backlog of certs was integrated.

> 
>>> - Can I resolve all inputs (SCTs, STHs) into a single STH via
>>> inclusion/consistency proofs (to prevent split views)
>> 
>> Which is why I started to collect all that I can see myself. But
>> I'm not sure yet if this proposal will let me find all of them, or
>> at least all that have been sent to someone.
> 
> As an auditor you would want to find all the servers who deploy STH
> Pollination or SCT Feedback. [0] Once you do that, and start polling
> from them, you'll be doing the best anyone can.
> 
> I'm not sure if there's a non-centralized, scalable way to make such a
> list available to people like yourself. I mean obviously someone could
> operate a public service and just collect sites that are found via
> scanning or self-submitted - and I expect this will happen - but it's
> not the sort of thing we'd put in a draft I don't think.
> 
> But we're open to suggestions if you have any particular ideas!

This may be too late for 6962-bis:  I have been thinking about how an
auditor’s task might be easier if Logs were required to retain their
historic STHs and provide them on request.  It could be done by adding
an API along the lines of ‘get-sth-at-time’ or ‘get-sths-between-times’
(where the first returns the STH with the largest timestamp <= the timestamp
requested, and the second returns a list of STHs with timestamps in
the range requested).

Auditors could then retrieve the full STH history of a log without having
to have collected them over an extended period of time or having to
exchange them with other auditors - although verifying STHs gathered
by other parties is still worthwhile to detect split views.

> 
> -tom
> 
> [0] You could also operate a user-facing 'Trusted Auditor' and feed
> your own browsing history into it or convince others to do the same.
> 

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
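
An added example, not part of this thread and not any CT log's code: the two auditor
checks discussed above, in Python 3 with the standard library only. The first measures
merge delay the way the thread settles on, from the SCT to the first STH whose tree
actually covers the entry, rather than asking whether the log keeps issuing STHs at all;
the second tries to resolve every observed STH into the newest one with an RFC 6962
consistency proof and reports the ones that cannot be resolved. Tree hashing and the
consistency proof follow RFC 6962 section 2.1. The 24-hour MMD, the 8-entry log
history, the SCT timestamps, the hourly STHs and the forked STH are all constructed
for the example, the function names (merge_delays, split_view_check and so on) are the
example's own, and proof_for stands in for a log's get-sth-consistency endpoint
instead of contacting a real log.

```python
# Added example (not the thread's or any log's code); RFC 6962 hashing; all data below is constructed.
import hashlib
from collections import namedtuple

HOUR = 3_600_000   # CT timestamps are milliseconds since the Unix epoch
MMD = 24 * HOUR    # assumed Maximum Merge Delay of the constructed log
STH = namedtuple("STH", "timestamp tree_size root_hash")

def leaf_hash(data):
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n):
    return 1 << ((n - 1).bit_length() - 1)   # largest power of two < n, for n >= 2

def mth(leaves):
    """Merkle Tree Hash (RFC 6962 section 2.1) over a list of leaf hashes."""
    if len(leaves) <= 1:
        return leaves[0] if leaves else hashlib.sha256(b"").digest()
    k = _split(len(leaves))
    return node_hash(mth(leaves[:k]), mth(leaves[k:]))

def consistency_proof(m, leaves):
    """PROOF(m, D[n]) of RFC 6962 section 2.1.2: what get-sth-consistency returns."""
    def sub(m, d, b):
        n = len(d)
        if m == n:
            return [] if b else [mth(d)]
        k = _split(n)
        if m <= k:
            return sub(m, d[:k], b) + [mth(d[k:])]
        return sub(m - k, d[k:], False) + [mth(d[:k])]
    return sub(m, leaves, True)

def verify_consistency(m, n, first_hash, second_hash, proof):
    """True iff the size-m tree rooted at first_hash is a prefix of the size-n tree
    rooted at second_hash; rebuilds both roots by mirroring the proof's recursion."""
    if not 1 <= m <= n:
        return False
    it = iter(proof)
    def rebuild(m, n, b):
        if m == n:
            h = first_hash if b else next(it)
            return h, h
        k = _split(n)
        if m <= k:
            old, left = rebuild(m, k, b)
            return old, node_hash(left, next(it))
        old_right, new_right = rebuild(m - k, n - k, False)
        left = next(it)
        return node_hash(left, old_right), node_hash(left, new_right)
    try:
        old, new = rebuild(m, n, True)
    except StopIteration:           # proof too short
        return False
    if next(it, None) is not None:  # proof has nodes left over
        return False
    return old == first_hash and new == second_hash

# Constructed history, 8 entries: 0-3 get SCTs at hour 0 and are merged by hour 1;
# 4-5 get SCTs at hour 2 but sequencing stalls at size 4 until hour 28 while the log
# still signs an STH every hour (the Aviator pattern); 6-7 get SCTs at hour 27.
SCT_TIMES = [0, 0, 0, 0, 2 * HOUR, 2 * HOUR, 27 * HOUR, 27 * HOUR]
LEAVES = [leaf_hash(b"constructed-cert-%d" % i) for i in range(8)]
STHS = [STH(h * HOUR, n, mth(LEAVES[:n])) for h in range(1, 31) for n in [4 if h < 28 else 8]]
# A different size-4 tree signed at hour 1: the STH someone else was shown (split view).
FORK_STH = STH(HOUR, 4, mth([leaf_hash(b"other-cert-%d" % i) for i in range(4)]))

def max_sth_gap(sths):   # the naive "is it still signing?" check
    ts = sorted(s.timestamp for s in sths)
    return max(b - a for a, b in zip(ts, ts[1:]))

def merge_delays(sct_times, sths):
    """Per entry, time from its SCT to the first STH covering it (None if never merged).
    Entry indexes are known here; a real auditor gets them via get-proof-by-hash."""
    by_time = sorted(sths, key=lambda s: s.timestamp)
    delays = []
    for i, t in enumerate(sct_times):
        first = next((s for s in by_time if s.tree_size > i and s.timestamp >= t), None)
        delays.append(None if first is None else first.timestamp - t)
    return delays

def mmd_violations(sct_times, sths, mmd=MMD):
    return [i for i, d in enumerate(merge_delays(sct_times, sths)) if d is None or d > mmd]

def split_view_check(sths, proof_for):
    """STHs not provably consistent with the newest one; proof_for(m, n) plays get-sth-consistency."""
    latest = max(sths, key=lambda s: (s.tree_size, s.timestamp))
    return [s for s in sths if s.tree_size and not verify_consistency(
        s.tree_size, latest.tree_size, s.root_hash, latest.root_hash,
        proof_for(s.tree_size, latest.tree_size))]
if __name__ == "__main__":
    honest_log = lambda m, n: consistency_proof(m, LEAVES[:n])
    print("hours between STHs:", max_sth_gap(STHS) / HOUR)                   # 1.0
    print("entries merged after the MMD:", mmd_violations(SCT_TIMES, STHS))  # [4, 5]
    print("split views:", split_view_check(STHS + [FORK_STH], honest_log))   # [FORK_STH]
```

Run as a script it shows the distinction made above: the constructed log signs an STH
every hour, so a "has it issued at least one STH in the last X hours" check passes,
yet entries 4 and 5 sit unsequenced for 26 hours and are reported as MMD violations,
while the forked size-4 STH is the only one that cannot be proven consistent with the
newest STH. The inclusion step is simplified: the entry's index is known from the
constructed history, whereas a real auditor obtains it from get-proof-by-hash and must
verify that inclusion proof against the STH's root before counting the entry as merged.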