The capability to incorporate certificate logging requests, and therefore
mint substantially more frequent STHs, is an artifact of the new codebase
that these CT Logs are running on. The migration was performed in November
[1] as you have observed, and was undertaken to increase reliability and
availability of these CT Logs. Frequent STHs are compliant with both RFC
6962 and the relevant CT-enforcing user agent policies, but if this
behavior is actively harmful, discussion on [email protected] is
probably the most reliable venue for discussing changes that are outside
the scope of RFC 6962, as this will be visible to Log Operators, CAs, and
Browsers/UAs.

[1] https://groups.google.com/a/chromium.org/d/msg/ct-policy/-AGqeW5r7ck/4M6BB9CEAQAJ

On Fri, Mar 22, 2019 at 9:48 AM Rasmus Dahlberg <[email protected]> wrote:

> Hi,
>
> You could fetch the latest STH periodically based on how often a log can
> produce it: see MMD and STH frequency in Section 4.1.  For example,
> checking once per hour makes sense if a log's MMD is 24 hours and its STH
> frequency is 24. If you are looking to fetch STHs today, i.e., from a log
> that is not CT/bis compliant, you could learn how often STHs are normally
> produced by some initial polling tests. Another option is to simply pick an
> interval that suits your needs, preferably without being too aggressive
> based on how often STHs are produced.
>
> On the topic of STH frequency, has anyone else noticed that Google's
> Icarus, Pilot, Rocketeer and Skydiver logs switched from one hour STH
> interarrival times to nearly instant updates somewhere around November
> 2018?  Try fetching one hundred STHs back-to-back: most tree sizes will be
> unique.
>
> If anyone knows what motivated this change I would happily be pointed in
> the right direction. As many of you know, such high STH frequencies can
> cause a lot of friction while experimenting and deploying various forms of
> gossip/auditing.
>
> /R
>
> On Thu, Mar 21, 2019 at 10:14:58PM +0300, Evgeny wrote:
> > On Thu, Mar 21, 2019 at 7:41 PM, Evgeny <[email protected]> wrote:
> > > Like while(0) {... sleep(1)}?
> >
> > Oops, it should have been while(1) of course :)
> >
> > _______________________________________________
> > Trans mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/trans
>
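
The "initial polling tests" idea from the quoted message, as an added example that is not part of the original thread: it estimates STH interarrival time from a batch of get-sth responses and clamps the resulting poll interval between a politeness floor and the MMD. The field names are the RFC 6962 get-sth fields; SAMPLES, distinct_sths, poll_interval, floor_s and mmd_s are hypothetical names, and the sample STHs are constructed.

```python
import json
from statistics import median

# Constructed get-sth response bodies (RFC 6962 field names, placeholder hashes).
SAMPLES = [json.dumps(s) for s in (
    {"tree_size": 1000, "timestamp": 1553241600000, "sha256_root_hash": "AAAA"},
    {"tree_size": 1000, "timestamp": 1553241600000, "sha256_root_hash": "AAAA"},
    {"tree_size": 1004, "timestamp": 1553241602000, "sha256_root_hash": "BBBB"},
    {"tree_size": 1009, "timestamp": 1553241603000, "sha256_root_hash": "CCCC"},
    {"tree_size": 1015, "timestamp": 1553241605000, "sha256_root_hash": "DDDD"},
)]


def distinct_sths(raw):
    """Parse responses, drop re-served STHs, and fail on conflicting roots."""
    roots, out = {}, []
    for body in raw:
        sth = json.loads(body)
        size, root = sth["tree_size"], sth["sha256_root_hash"]
        if size in roots:
            # One tree size can only have one Merkle root; two means the
            # responses cannot describe a single append-only log.
            if roots[size] != root:
                raise ValueError(f"two roots for tree_size {size}")
            continue
        roots[size] = root
        out.append(sth)
    return sorted(out, key=lambda s: s["timestamp"])


def poll_interval(raw, floor_s=60.0, mmd_s=86400.0):
    """Median STH interarrival in seconds, clamped to [floor_s, mmd_s].

    floor_s keeps the poller from hammering a log that mints STHs almost
    instantly; mmd_s (24 h here, an assumption) is the slowest useful rate.
    """
    sths = distinct_sths(raw)
    gaps = [(b["timestamp"] - a["timestamp"]) / 1000
            for a, b in zip(sths, sths[1:])]
    if not gaps:
        return mmd_s  # a single STH says nothing about frequency
    return min(max(median(gaps), floor_s), mmd_s)


if __name__ == "__main__":
    print("poll every", poll_interval(SAMPLES), "seconds")
```

For a log that mints STHs every second or two, as in the constructed samples, the floor rather than the measured interarrival decides the polling rate.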
