7 June 2017 15:57 Ryan Sleevi <[email protected]> wrote:
>> It is definitely possible to generate new timestamps and not log them, but I
>> was rebutting "they don't have to produce the list of SCTs they've signed",
>> which is not true, unless "don't have to" is different from "not required
>> to". Logs are required to produce the list of all timestamps they have
>> signed when MMD has passed. That is what it means to be a log.
>
> I'm not sure your usage of "required" to. If you mean in the abstract,
> philosophical sense - yes, a well-behaving log is expected to do so.
>
> However, an evil log can lie - and not produce such timestamps, by not
> integrating them into the log, despite having signed them. Which was the
> point - only an Honest Log can audit the production of all of its SCTs and
> make sure they're integrated, but the concern here is about a Dishonest Log,
> which would only integrate some of the SCTs into the STH.

But then "they don't have to produce the list of SCTs they've signed" would be a meaningless statement, since no action by anyone in the world would make them "have to" do anything.

The only reasonable interpretation of "have to" in this context is what is called "MUST" in RFC 2119. If you mean "can do this undetected until time t", then say so.

But, in the same sentence, Jacob wrote: "IIUC, logs are allowed to produce infinite SCTs for the same cert once they've logged it", which is what I based my answer on. If the log disregards all rules and doesn't care about being discovered as a bad log, surely it wouldn't care about whether it was allowed to produce many SCTs for the same cert or not. Which means that restricting that wouldn't solve that problem.

/Magnus

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
