On Fri, 1 Sep 2023, Aljoscha Meyer wrote:
Subject: [Trans] Mail regarding draft-ietf-trans-rfc6962-bis
Do you mean RFC6962 or RFC9162 ?
https://datatracker.ietf.org/doc/html/rfc9162
Dear WG for the Certificate Transparency RFC,
Technically, the CT WG closed, but the list is still active for
discussions on these topics, so thank you for these emails and
information.
I want to point you to two (not yet peer-reviewed) paper drafts of mine that
pertain to CT. The CT RFC and literature barely looks beyond Merkle trees,
and is missing out on some interesting and efficient constructions.
The first paper frames append-only logs in a more general light, bridges the
gap to the rich literature on secure timestamping, characterizes a graph
class that contains Merkle-tree-based logs but also many other designs, and
derive some efficiency criteria under which CT logs are less than ideal:
https://arxiv.org/abs/2308.13836
The second paper proposes an alternate design that has shorter consistency
proofs than CT, has constant-size inclusion proofs for item i from the i-th
signed tree head (and twice as small inclusion proofs on average for
arbitrary items from arbitrary STHs), and requires asymptotically less
metadata: https://arxiv.org/abs/2308.15058
A quick peek shows this design improves on RFC9162.
I'm not familiar with the ietf processes, and given the existing adoption of
CT, there is probably little practical impact to be had. But at the very
least I wanted to inform you of this material, and I'm happy to answer any
question or hear about any faults it might have.
I think the deployment of 9162 is still pretty meager, and that most CT
logs are still on 6962, but I haven't kept track in the last few years.
So in a way, such a smaller deployment might be easier to update if
there are concrete advantages. Although I'm not sure performance is a
big factor in this?
Of course, it never hurts to write it up in a draft and see if people
get interested. Possible ways to publish an RFC from that are to re-open
the trans WG (via a new BoF) or if this is deemed a one-off, perhaps the
route of AD Sponsor would be possible. A third way, which I think makes
less sense, is publication in the Independent Stream (ISE). But since
9162 is Experimental, that could be done.
Thanks for your work on this and for letting us know,
Paul
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
