Gary Belvin <[email protected]> wrote Mon, 22 May 2017 15:16:24 +0000: >> return a different stream of bytes for the same ingoing parameters, for SCTs > and STHs. > In addition to fixing signature randomization, wouldn't one also need to > fix the inputs to the signature? Timestamps in particular and any server > supplied data that wasn't directly tied to the leaves themselves would seem > to be a problem.
Yes. My understanding is that they are all under control. For STH's: The log id is fixed. The number of timestamps, the tree size and the root hash are limited by the STH frequency count. The extensions field is unused. For SCT's: The log id is fixed. Timestamps are limited by the visibility in the log and the cost of storage forever. The extensions field is unused. None of issuer key hash and (pre-) certificate in the timestamped entry are server supplied. Please let us know if we're missing something. _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
