IETF Logo Mail Archive

Re: [Trans] What logs are storing (was: The RFC6979 requirement in RFC6962-bis is bad)

Eran Messeri <eranm@google.com> Tue, 09 May 2017 17:37 UTC

Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BB7A129487 for <trans@ietfa.amsl.com>; Tue, 9 May 2017 10:37:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FS0Mdrf0Gm51 for <trans@ietfa.amsl.com>; Tue, 9 May 2017 10:37:37 -0700 (PDT)
Received: from mail-io0-x231.google.com (mail-io0-x231.google.com [IPv6:2607:f8b0:4001:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 497FC127076 for <trans@ietf.org>; Tue, 9 May 2017 10:37:37 -0700 (PDT)
Received: by mail-io0-x231.google.com with SMTP id f102so6599233ioi.2 for <trans@ietf.org>; Tue, 09 May 2017 10:37:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=dl/sAWwLxSUSI453FBfKJQ5LsY3H1OjJJ/J/yJWP/wE=; b=W9H8ydiShVv5JAHW8pW4Wd7dQq0xS/q7UDH9BGUnK4klA4GQSCaC+IMWbpmWvL4NDT YDXdutAzYReJw5Q45an3XZhgKEimAJNiFwi+uSGKynHXTOfGsB0w/3LwvjGe0hGXeFx5 J3M/D37Yakwwsupj2xUeUzu12nd2U2UXsCwAxmRsY7sTzq/5n/rcTVglXaotxwOjLvhu Nm1izk/4OZYFL5E8PN4Ypc6SOIFzqUElLxpTv23YjjXAq60wvuXafBGWwtoPI5RmjxMp +0Mjf0fk7tl9kL79C4RjsfMvzciy4mIXpRC21ve1Nlojnf0961FcXoR/VpVZnJ7q4Gcf Mh6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=dl/sAWwLxSUSI453FBfKJQ5LsY3H1OjJJ/J/yJWP/wE=; b=XNTsVVUBxEUkFLvQ4DMXtnmHfjHb8R1+tucW6v6sm7uJ/2FOInuexAVicLO0Kxy4GN rXVuc+Npi9E1F9ALBIkJEVCcOqHATTeU5AWEtGDe6ZkX2+zHvBgnVCJLfl0nuA2NGVN7 biUZ37F55Evi2W0ac2Mhjs86fkW2fc/hUqdWweIxVy3j6f4FkOiDSq7sWU7V8MW6Q62q cBpRJZkVDf2QW47PKOY/wsypAzai1lUZXsGvTQMjpzHT6WjX7GaVK/SBfHHO2jyZNp4K QO0jlIcnP97/2LOtWIO4PIeHi+6vnVuBq6+TDaQZOPjiueKvJtj5jvKgvAz9TM9RI3fy yBLw==
X-Gm-Message-State: AODbwcC8wBdLRBBrahviuklMI6O3Khrhusaqbi/b04Wmal6N7scr/Cse lWMtCZutFUDKNYgVfofwfuP2VXyKt6K1ECY=
X-Received: by 10.107.128.98 with SMTP id b95mr1091429iod.25.1494351456436; Tue, 09 May 2017 10:37:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.129.6 with HTTP; Tue, 9 May 2017 10:37:05 -0700 (PDT)
In-Reply-To: <20170508161443.be44c605e67bec0feeb50e3a@andrewayer.name>
References: <CAFewVt5z3sq-Occ1VaHeNeBvt1yyCM_3_nssZSu2f_PBEL4SFQ@mail.gmail.com> <20170508111141.2ad103252b01cf48b5e988c8@andrewayer.name> <87pofjj6xd.fsf_-_@nordberg.se> <20170508161443.be44c605e67bec0feeb50e3a@andrewayer.name>
From: Eran Messeri <eranm@google.com>
Date: Tue, 09 May 2017 18:37:05 +0100
Message-ID: <CALzYgEe=cD1TMWh5H0bERTSNVAFjzGQ=N4xOL6oLfbQHPvZ_Cg@mail.gmail.com>
To: Andrew Ayer <agwa@andrewayer.name>
Cc: Linus Nordberg <linus@sunet.se>, "trans@ietf.org" <trans@ietf.org>
Content-Type: multipart/alternative; boundary="001a113dfdaebb6f03054f1acfe5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/851tkezX8c78XX8q6qgksFlpw7g>
Subject: Re: [Trans] What logs are storing (was: The RFC6979 requirement in RFC6962-bis is bad)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 17:37:39 -0000

The downsides with storing signatures (for SCTs and STHs), which is an
additional storage requirement for something that can be generated
on-the-fly:
* Storage costs and processing: Logs have to use highly-reliable storage,
so every piece of data stored costs more and requires more processing to be
verified.
* Potential corruptions: What would a log do if it finds out it stores a
corrupted signature? It could continue operation by re-signing without
problems, unlike a corruption of the list of entries, where it's clear it's
unhealthy (a safety measure in some log implementations is to hash all
entries up to the last-issued STH and verify root hash, before adding new
entries and producing a new one).

This is a viable solution to the problem of deterministic signatures,
though, so it should be mentioned in -bis.
How about requiring returning the same signature for the same SCT / STH,
without requiring the use of deterministic signature schemes?

On Tue, May 9, 2017 at 12:14 AM, Andrew Ayer <agwa@andrewayer.name> wrote:

> On Tue, 09 May 2017 00:54:38 +0200
> Linus Nordberg <linus@sunet.se> wrote:
>
> > Andrew Ayer <agwa@andrewayer.name> wrote
> > Mon, 8 May 2017 11:11:41 -0700:
> >
> > > 3. When producing a new STH or SCT, sign it, store the signature,
> > > and serve the stored signature instead of re-signing on-the-fly
> > > every time the log needs to serve the STH or SCT.  Since the log
> > > already needs to store information about STHs and SCTs, also
> > > storing the signature should not be burdensome.
> >
> > Why do logs already need to store information about SCTs?
>
> Technically it's not required, but practically speaking logs need to
> return an SCT for an existing entry when someone submits an
> already-logged certificate (otherwise the log could be spammed into
> oblivion).  To construct that SCT, the log needs to know the timestamp
> of the existing entry.  A logical place to store the signature would be
> alongside the timestamp.
>
> > Do logs already need to store information about STHs because of the
> > proposed get-sths API [0][1][2] or something else?
>
> Even without the get-sths API, the log needs to store the timestamp of
> the current STH.  That would be a logical place to store the signature.
>
> Regards,
> Andrew
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>

v2.23.0 | Report a Bug | By Email