Thanks, both for the link and your suggestion to bring this to Chrome's CT policy mailing list. One of the reasons why I thought it was relevant to bring up here is the fact that the draft developed by Nordberg, Gillmor and Ritter depends on a sound STH frequency to preserve privacy [2].
2: https://datatracker.ietf.org/doc/draft-ietf-trans-gossip/

/R

On Fri, Mar 22, 2019 at 12:38:36PM -0700, Devon O'Brien wrote:
> The capability to incorporate certificate logging requests, and therefore
> mint substantially more frequent STHs is an artifact of the new codebase
> that these CT Logs are running on. The migration was performed in November
> [1] as you have observed, and was undertaken to increase reliability and
> availability of these CT Logs. Frequent STHs are compliant with both RFC
> 6962 and the relevant CT-enforcing user agent policies, but if this
> behavior is actively harmful, discussion on [email protected] is
> probably the most reliable venue for discussing changes that are outside
> the scope of RFC 6962, as this will be visible to Log Operators, CAs, and
> Browsers/UAs.
>
> [1]
> https://groups.google.com/a/chromium.org/d/msg/ct-policy/-AGqeW5r7ck/4M6BB9CEAQAJ
>
> On Fri, Mar 22, 2019 at 9:48 AM Rasmus Dahlberg <[email protected]>
> wrote:
>
> > Hi,
> >
> > You could fetch the latest STH periodically based on how often a log can
> > produce it: see MMD and STH frequency in Section 4.1. For example,
> > checking once per hour makes sense if a log's MMD is 24 hours and its STH
> > frequency is 24. If you are looking to fetch STHs today, i.e., from a log
> > that is not CT/bis compliant, you could learn how often STHs are normally
> > produced by some initial polling tests. Another option is to simply pick
> > an interval that suits your needs, preferably without being too
> > aggressive based on how often STHs are produced.
> >
> > On the topic of STH frequency, has anyone else noticed that Google's
> > Icarus, Pilot, Rocketeer and Skydiver logs switched from one hour STH
> > interarrival times to nearly instant updates somewhere around November
> > 2018? Try fetching one hundred STHs back-to-back: most tree sizes will be
> > unique.
> >
> > If anyone knows what motivated this change I would happily be pointed in
> > the right direction. As many of you know, such high STH frequencies can
> > cause a lot of friction while experimenting and deploying various forms
> > of gossip/auditing.
> >
> > /R
> >
> > On Thu, Mar 21, 2019 at 10:14:58PM +0300, Evgeny wrote:
> > > On Thu, Mar 21, 2019 at 7:41 PM, Evgeny <[email protected]> wrote:
> > > > Like while(0) {... sleep(1)}?
> > >
> > > Oops, it should have been while(1) of course :)
> > >
> > > _______________________________________________
> > > Trans mailing list
> > > [email protected]
> > > https://www.ietf.org/mailman/listinfo/trans
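
The two ways of choosing a polling interval discussed in this thread (from a log's MMD and STH frequency, or from initial polling tests), sketched as an added example that is not part of the original messages. The function names, the 60-second floor and the sample observations are assumptions made for illustration; each observation is a `(timestamp_ms, tree_size)` pair as returned by a log's `get-sth` endpoint.

```python
from statistics import median

def interval_from_params(mmd_seconds, sth_frequency):
    """Seconds between polls when the log publishes its MMD and STH frequency."""
    if mmd_seconds <= 0 or sth_frequency <= 0:
        raise ValueError("MMD and STH frequency must be positive")
    return mmd_seconds / sth_frequency

def distinct_sths(observations):
    """Collapse repeated fetches of the same STH and sort by STH timestamp."""
    return sorted(set(observations))

def interval_from_polling(observations, floor_seconds=60.0):
    """Median STH interarrival time in seconds, clamped to floor_seconds.

    The floor (an assumed value) keeps the poller from becoming aggressive
    against a log that issues STHs almost instantly. Returns None when fewer
    than two distinct STHs were observed, i.e. the test ran too briefly.
    """
    sths = distinct_sths(observations)
    if len(sths) < 2:
        return None
    gaps = [(b[0] - a[0]) / 1000.0 for a, b in zip(sths, sths[1:])]
    return max(median(gaps), floor_seconds)

def unique_tree_size_ratio(observations):
    """Fraction of fetches that returned a tree size not seen in the other fetches."""
    if not observations:
        return 0.0
    return len({size for _, size in observations}) / len(observations)

# Constructed samples, not real log data.
T0 = 1553250000000  # arbitrary start time in milliseconds
# A log with hourly STHs, polled four times per STH.
HOURLY_LOG = [(T0 + 3_600_000 * (i // 4), 1000 + 50 * (i // 4)) for i in range(12)]
# A log that mints a new STH for nearly every back-to-back fetch.
BUSY_LOG = [(T0 + 900 * i, 5000 + 3 * i) for i in range(100)]

if __name__ == "__main__":
    print("from parameters:", interval_from_params(24 * 3600, 24))
    for name, obs in (("hourly", HOURLY_LOG), ("busy", BUSY_LOG)):
        print(name, interval_from_polling(obs), unique_tree_size_ratio(obs))
```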
