On Tue, 9 May 2017 19:28:54 +0100 Al Cutter <[email protected]> wrote: > > This is a viable solution to the problem of deterministic > > signatures, though, so it should be mentioned in -bis. > > How about requiring returning the same signature for the same SCT / > > STH, without requiring the use of deterministic signature schemes? > > > > At least for SCTs this is not a good idea; if you require this, then > by implication you also require a strongly consistent global queue > with deduping for putting the to-be-sequenced leaves into. That's > certainly one way of building a log, but there are others, and not > everyone's got Spanner :) > > Incidentally this is why RFC6962 says 'the log ... MAY return the > same SCT as it returned before'; I'd imagine most log implementations > will generally do this because it makes sense from the operators' PoV > of controlling growth, but there may be situations when they can't > guarantee it.
Ah, good point. Maybe we should only require same/deterministic signatures for STHs. As Tom and Linus have discussed, that's where same/deterministic signatures are the most needed anyways. Regards, Andrew _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
