Re: [Trans] Ticket 179 - moving Cert/Precert indicator into the data structure
Eran Messeri <eranm@google.com> Thu, 04 May 2017 16:18 UTC
Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE9631270AC for <trans@ietfa.amsl.com>; Thu, 4 May 2017 09:18:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIMMMVbkLmvY for <trans@ietfa.amsl.com>; Thu, 4 May 2017 09:18:17 -0700 (PDT)
Received: from mail-io0-x235.google.com (mail-io0-x235.google.com [IPv6:2607:f8b0:4001:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FB37127863 for <trans@ietf.org>; Thu, 4 May 2017 09:18:09 -0700 (PDT)
Received: by mail-io0-x235.google.com with SMTP id p24so28659516ioi.0 for <trans@ietf.org>; Thu, 04 May 2017 09:18:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=D1YjF04uJif1u3c0XsgBnHJoaK/luYcxRz47hYmethg=; b=PRgJ7RoKwCEzwMdzfxa36Ee6i3TRaLUOE6qyFJt9HsShyYCqHwwJDei+yC/kJVzwF7 yCKJFkvAuyMYtBP9d6SmwVB/jdVzKnRmx0llyVJu/YW5J3axfPtI6Yit2AHnsRMvempq +Y8ByimV1MIH5m2Y+ObSLdEhK70BuNdATGAsMO6nWNCnVEvLPcCLCLwf8lTDwaXIJm73 DkoMu0UkdHa9hd7Q/nqf7WAGQBDqva/FUmqvaol/OhZCnLpXXR654/Ul3UT/qWgb9aJg sYq0VjOlIx9xKBfzjUtpqvmt8x3F57C/Pejz+lgqETD+6yavRF1xv3uIYbrotEpqZ2+j D4wg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=D1YjF04uJif1u3c0XsgBnHJoaK/luYcxRz47hYmethg=; b=LZap4OM30AZ/JDCUId3i+Mhs8Lg3tKohUFOL2hnkCKHyTydjaLRJQ5b3uXUXiEBIMW eB3UD7JS750EwNPBuYN2QhK5JBh6mjT1So9gf7lDRbUE1TVnwBXTbyMZEyfWdM6C/AgU MZ8QgagrjBWzYUdaQFJfXuYTvirneeEPPIj8/o9tZWNQY07b2egZdE6ZuODQIunLgtYT WQ0z+Uo8IwZ6WKjfqmfIoDMeftm1LIrVkpjBSoOqFeq6I3Js9TLopeJ6a/Fk3HhwHkcX qMQtCgOwsIdV+uiWGg3AKSXhUJqNhZzOkQBA6XkcH9n3DEGcEArhcDSDPCKx4xrNErhV mlFg==
X-Gm-Message-State: AN3rC/5q/iVzqUE2mQYU74wKHZRFrjae4/T+H3ROS4cc5x0FrwYItW6L pdbdiubQLbiIt02k5bXqyJCKYOkGhMBlP5/VUw==
X-Received: by 10.107.133.106 with SMTP id h103mr13775750iod.230.1493914688271; Thu, 04 May 2017 09:18:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.47.41 with HTTP; Thu, 4 May 2017 09:17:37 -0700 (PDT)
In-Reply-To: <20170504082633.81f2ce21509fc2268005dff4@andrewayer.name>
References: <CALzYgEeOqq+ZbSPSqnZh006yS6bHdOzCrhKUMgmqrJkdTCp_ig@mail.gmail.com> <20170504082633.81f2ce21509fc2268005dff4@andrewayer.name>
From: Eran Messeri <eranm@google.com>
Date: Thu, 04 May 2017 17:17:37 +0100
Message-ID: <CALzYgEd98R-ghWdPCVhDGnR2-pieZjJES_seE1Wnmth0ddPBqQ@mail.gmail.com>
To: Andrew Ayer <agwa@andrewayer.name>
Cc: "trans@ietf.org" <trans@ietf.org>
Content-Type: multipart/alternative; boundary="001a113ff9a6522c20054eb51e2c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/6DLcY5USA_q-KC_Tr34MBWVgxxg>
Subject: Re: [Trans] Ticket 179 - moving Cert/Precert indicator into the data structure
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 16:18:19 -0000
On Thu, May 4, 2017 at 4:26 PM, Andrew Ayer <agwa@andrewayer.name> wrote: > On Wed, 3 May 2017 18:53:00 +0100 > Eran Messeri <eranm@google.com> wrote: > > > I'm looking for opinions on ticket 179 > > <https://trac.ietf.org/trac/trans/ticket/179>, which suggests > > "folding" the Cert/Precert indicator for an SCT into the data > > structure contained in the TransItem (right now it's part of the > > TransItem type indicator). > > > > Personally I find it hard to justify such a change, since SCTs are > > already clearly defined as TransItems and it's a non-trivial change > > to the data structures without a strong benefit. > > > > Suggestions? > > I agree that there isn't a very strong justification for making a > non-trivial change like this. > > I would also like to understand why 6962-bis consolidated all the type > indicators into a single one before that work is undone. > In 6962 different structures had versions (SCT, MerkleTreeLeaf, TreeHeadSignature), making it appear as if "v2" STHs can be mixed with "v1" SCTs or tree leaves. In practice, while it may be possible, it's not as straightforward as the independent data structure versioning makes it appear, since there's a dependency between the data structures. Moving the version to the topmost layer, together with the data structure type, makes it explicit which type is being dealt with. Another problem is that the different versions in 6962 were incorrectly interpreted by implementations, some using a "global" versioning scheme, some using per-type versioning scheme, and not all implementations checking these are versions they know about. Requiring inspection of the (versioned) type for correct interpretation of the TransItem forces implementations to consider the version they're dealing with, removing the potential pitfall of having a version field that's not properly checked. Rob, who undertook this non-trivial change, may have a more complete context. > > Absent a stronger justification and an explanation of why the > consolidation was done in the first place, I favor keeping 6962-bis > as-is. > > Regards, > Andrew >
- [Trans] Ticket 179 - moving Cert/Precert indicato… Eran Messeri
- Re: [Trans] Ticket 179 - moving Cert/Precert indi… Andrew Ayer
- Re: [Trans] Ticket 179 - moving Cert/Precert indi… Eran Messeri
- Re: [Trans] Ticket 179 - moving Cert/Precert indi… Rob Stradling