Dear WG for the Certificate Transparency RFC,
I want to point you to two (not yet peer-reviewed) paper drafts of mine
that pertain to CT. The CT RFC and literature barely looks beyond Merkle
trees, and is missing out on some interesting and efficient constructions.
The first paper frames append-only logs in a more general light, bridges
the gap to the rich literature on secure timestamping, characterizes a
graph class that contains Merkle-tree-based logs but also many other
designs, and derive some efficiency criteria under which CT logs are
less than ideal: https://arxiv.org/abs/2308.13836
The second paper proposes an alternate design that has shorter
consistency proofs than CT, has constant-size inclusion proofs for item
i from the i-th signed tree head (and twice as small inclusion proofs on
average for arbitrary items from arbitrary STHs), and requires
asymptotically less metadata: https://arxiv.org/abs/2308.15058
I'm not familiar with the ietf processes, and given the existing
adoption of CT, there is probably little practical impact to be had. But
at the very least I wanted to inform you of this material, and I'm happy
to answer any question or hear about any faults it might have.
Kind regards,
Aljoscha
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
