On Tue, 09 May 2017 00:54:38 +0200 Linus Nordberg <[email protected]> wrote:
> Andrew Ayer <[email protected]> wrote
> Mon, 8 May 2017 11:11:41 -0700:
>
> > 3. When producing a new STH or SCT, sign it, store the signature,
> > and serve the stored signature instead of re-signing on-the-fly
> > every time the log needs to serve the STH or SCT. Since the log
> > already needs to store information about STHs and SCTs, also
> > storing the signature should not be burdensome.
>
> Why do logs already need to store information about SCTs?

Technically it's not required, but practically speaking logs need to
return an SCT for an existing entry when someone submits an
already-logged certificate (otherwise the log could be spammed into
oblivion). To construct that SCT, the log needs to know the timestamp
of the existing entry. A logical place to store the signature would be
alongside the timestamp.

> Do logs already need to store information about STHs because of the
> proposed get-sths API [0][1][2] or something else?

Even without the get-sths API, the log needs to store the timestamp of
the current STH. That would be a logical place to store the signature.

Regards,
Andrew
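
An added example, not part of the original message and not code from any log implementation: a log that signs an SCT once, stores the signature alongside the entry's timestamp, and serves the stored copy when the same certificate is resubmitted. The `Log`, `SCT`, `NewLog` and `AddChain` names, the in-memory map, the sample certificate bytes and the simplified signed input are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type SCT struct { // stored per entry: the timestamp and, beside it, the signature
	Timestamp uint64
	Signature []byte
}

type Log struct { // hypothetical in-memory log, not any real log's code
	key     *ecdsa.PrivateKey
	entries map[[32]byte]SCT
	Signs   int // signing operations performed
}

func NewLog() (*Log, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Log{key: key, entries: map[[32]byte]SCT{}}, err
}

// AddChain signs once per new certificate; a resubmission gets the stored SCT back.
func (l *Log) AddChain(cert []byte, now uint64) (SCT, error) {
	id := sha256.Sum256(cert)
	if s, ok := l.entries[id]; ok {
		return s, nil // original timestamp, stored signature, no re-signing
	}
	d := sha256.Sum256([]byte(fmt.Sprintf("%d|%x", now, cert))) // simplified, not the RFC 6962 encoding
	sig, err := ecdsa.SignASN1(rand.Reader, l.key, d[:])
	if err == nil {
		l.Signs++
		l.entries[id] = SCT{Timestamp: now, Signature: sig}
	}
	return l.entries[id], err
}

func main() {
	l, err := NewLog()
	if err != nil {
		panic(err)
	}
	a, errA := l.AddChain([]byte("constructed sample certificate"), 1494200000000)
	b, errB := l.AddChain([]byte("constructed sample certificate"), 1494286478000) // resubmitted later
	fmt.Println(errA, errB, a.Timestamp == b.Timestamp, string(a.Signature) == string(b.Signature), l.Signs)
}
```

Go's ECDSA signing with `rand.Reader` is randomized, so the byte-identical signature on the second call comes from the stored copy, not from signing again.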
