On Tue, Mar 7, 2017 at 1:10 PM, Ben Laurie <[email protected]> wrote:
>
> On 3 March 2017 at 19:09, Andrew Ayer <[email protected]> wrote:
>
>> On Fri, 3 Mar 2017 13:24:51 -0500
>> Richard Barnes <[email protected]> wrote:
>> > - A field in an SCT that indicates the canonical STH for the
>> > certificate in question. Possibly a serial number in STH that SCTs
>> > could refer to.
>>
>> Is this necessary? Why not define the canonical STH as the first STH
>> issued after the SCT (based on timestamp)?
>>
>
> That doesn't work - the cert may not have been included in the log by then.
>
> That said, not sure how Richard's proposal works, either - in general, the
> front-end that returns the SCT cannot know when the cert will be included,
> and hence cannot predict the relevant STH.
>
Yes, this proposal would require that there be enough coordination between log ingress and storage that the front-end could know under which STH a cert would land. I realize that might not be the case now, but is it unachievable?

--Richard

> Not entirely sure I agree with the initial premise anyway.
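As an added illustration (not part of this thread and not code from any CT log implementation), the following Python sketch models Ben's objection to the "first STH after the SCT" rule. An SCT is issued at submission time while the log has until the end of its Maximum Merge Delay to incorporate the leaf, so an STH published after the SCT timestamp may not yet cover the certificate; the STH a monitor actually needs is the earliest one whose tree size includes the leaf. All timestamps, tree sizes, the leaf index and the MMD value are constructed sample values.

```python
"""Added example: the first STH published after an SCT's timestamp need not
cover the certificate, because inclusion may happen later within the MMD.
Everything below is constructed sample data, not data from any real log."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class STH:
    timestamp: int  # milliseconds since epoch (constructed)
    tree_size: int  # number of leaves this tree head commits to


@dataclass(frozen=True)
class SCT:
    timestamp: int  # milliseconds since epoch; a promise to merge within the MMD


MMD_MS = 24 * 60 * 60 * 1000  # constructed: a 24-hour Maximum Merge Delay


def first_sth_after_sct(sths: List[STH], sct: SCT) -> Optional[STH]:
    """The candidate rule from the thread: earliest STH whose timestamp
    follows the SCT timestamp. It ignores whether the leaf is merged."""
    later = [s for s in sths if s.timestamp > sct.timestamp]
    return min(later, key=lambda s: s.timestamp) if later else None


def first_sth_covering(sths: List[STH], leaf_index: int) -> Optional[STH]:
    """What an auditor needs: earliest STH whose tree size covers the leaf,
    i.e. the tree head against which an inclusion proof can be checked."""
    covering = [s for s in sths if s.tree_size > leaf_index]
    return min(covering, key=lambda s: s.timestamp) if covering else None


def sth_covers_leaf(sth: STH, leaf_index: int) -> bool:
    """A leaf at index i is in the tree only if i < tree_size."""
    return leaf_index < sth.tree_size


def within_mmd(sct: SCT, sth: STH, mmd_ms: int = MMD_MS) -> bool:
    """True if the covering STH was published before the merge deadline."""
    return sth.timestamp <= sct.timestamp + mmd_ms


# Constructed scenario: the SCT is issued at t=1000. The log publishes an
# STH at t=5000 before merging the new leaf; only the t=9000 tree head has it.
SAMPLE_SCT = SCT(timestamp=1000)
SAMPLE_LEAF_INDEX = 100  # the certificate ends up as leaf 100
SAMPLE_STHS = [
    STH(timestamp=500, tree_size=100),   # predates the SCT; leaf 100 absent
    STH(timestamp=5000, tree_size=100),  # after the SCT; leaf still not merged
    STH(timestamp=9000, tree_size=105),  # leaf merged, within the MMD
]


def demo() -> Dict[str, object]:
    """Compare the naive timestamp rule with the STH that really covers the leaf."""
    naive = first_sth_after_sct(SAMPLE_STHS, SAMPLE_SCT)
    actual = first_sth_covering(SAMPLE_STHS, SAMPLE_LEAF_INDEX)
    return {
        "naive_sth_timestamp": naive.timestamp if naive else None,
        "naive_covers_leaf": bool(naive) and sth_covers_leaf(naive, SAMPLE_LEAF_INDEX),
        "covering_sth_timestamp": actual.timestamp if actual else None,
        "covering_within_mmd": bool(actual) and within_mmd(SAMPLE_SCT, actual),
    }


if __name__ == "__main__":
    print(demo())
```

In the constructed data the timestamp rule picks the t=5000 tree head, which does not contain the leaf, while the covering STH is the later one at t=9000. The same gap is what the front-end cannot predict at SCT-issuance time unless ingress and storage coordinate, which is the point Richard raises above.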
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
