[Trans] STH Pollination Implementations
Andrew Ayer <agwa@andrewayer.name> Mon, 27 March 2017 23:11 UTC
Date: Mon, 27 Mar 2017 16:11:44 -0700
From: Andrew Ayer <agwa@andrewayer.name>
To: trans@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/6VECjfO12Owtgsf0Ne3PDo5UkLM>
Subject: [Trans] STH Pollination Implementations

First, Graham Edgecombe and I have set up public sth-pollination endpoints as defined in draft-ietf-trans-gossip-00:

https://certspotter.com/.well-known/ct/v1/sth-pollination
https://ct.grahamedgecombe.com/.well-known/ct/v1/sth-pollination

Our monitors are using these endpoints to exchange STHs twice an hour.

We're using the -00 draft instead of -04 because -00 was the last draft to use v1 STHs. As I mentioned previously, I think it would be good to add v1 support back to the Gossip document, if it's not too late to do so. v1 logs will be with us for some time and the ecosystem would benefit from STH pollination.

Second, I've written a lightweight program called "ct-honeybee" which queries public logs and uploads their latest STHs to my and Graham's sth-pollination endpoints:

https://github.com/SSLMate/ct-honeybee/

My hope is for a diverse set of people to run ct-honeybee from various vantage points to increase the likelihood of detecting split log views.

Let me know if you have any questions. Also, consider running ct-honeybee! :-)

Regards,
Andrew
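
What a pool of STHs gathered from several vantage points lets an auditor check, as an added example (not code from ct-honeybee or from the message above): one log signing two different roots for the same tree size is proof of a split view, and STHs of different sizes still need a consistency proof from the log. The `tree_size`, `timestamp`, `sha256_root_hash` and `tree_head_signature` fields follow the RFC 6962 get-sth response; `log_id`, the sample pool and `sample_verify` are constructed assumptions.

```python
import base64
import hashlib
from collections import defaultdict

def _root(label):
    # Constructed 32-byte root hash, base64-encoded as in a get-sth response.
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode()

def _sth(log_id, tree_size, label, sig="valid-sig"):
    return {"log_id": log_id, "tree_size": tree_size, "timestamp": 1490656304000,
            "sha256_root_hash": _root(label), "tree_head_signature": sig}

# Constructed pool, as if gathered from several vantage points.
SAMPLE_POOL = [
    _sth("log-A", 1000, "A-1000-view1"),
    _sth("log-A", 1000, "A-1000-view2"),              # same size, different root
    _sth("log-A", 1200, "A-1200"),
    _sth("log-B", 50, "B-50"),
    _sth("log-B", 50, "B-50"),                        # same STH seen twice
    _sth("log-B", 75, "B-75"),
    _sth("log-B", 50, "B-50-forged", sig="garbage"),  # not signed by the log
]

def sample_verify(sth):
    # Stand-in for checking tree_head_signature against the log's public key.
    return sth["tree_head_signature"] == "valid-sig"

def audit_pool(sths, verify_signature):
    """Return (conflicts, to_prove) for a pool of gossiped STHs.

    conflicts: (log_id, tree_size, [roots]) where one log signed different
               roots for the same tree size.
    to_prove:  (log_id, smaller_size, larger_size) pairs that still need a
               get-sth-consistency proof from the log.
    """
    roots = defaultdict(lambda: defaultdict(set))  # log_id -> tree_size -> roots
    for sth in sths:
        # An STH without a valid log signature proves nothing about the log.
        if not verify_signature(sth):
            continue
        roots[sth["log_id"]][sth["tree_size"]].add(sth["sha256_root_hash"])
    conflicts, to_prove = [], []
    for log_id, by_size in sorted(roots.items()):
        sizes = sorted(by_size)
        for size in sizes:
            if len(by_size[size]) > 1:
                conflicts.append((log_id, size, sorted(by_size[size])))
        to_prove.extend((log_id, a, b) for a, b in zip(sizes, sizes[1:]))
    return conflicts, to_prove
```

Skipping the signature check would let anyone who can submit to a pollination endpoint raise a false split-view alarm with a made-up STH.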