Re: [Trans] Long Poll
Rasmus Dahlberg <rasmus.dahlberg@kau.se> Fri, 22 March 2019 20:31 UTC
Return-Path: <rasmus.dahlberg@kau.se>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D149131226 for <trans@ietfa.amsl.com>; Fri, 22 Mar 2019 13:31:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4
X-Spam-Level:
X-Spam-Status: No, score=-4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=kau.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S1F7yUtIr-r3 for <trans@ietfa.amsl.com>; Fri, 22 Mar 2019 13:30:59 -0700 (PDT)
Received: from smtp1.kau.se (smtp1.kau.se [130.243.21.250]) by ietfa.amsl.com (Postfix) with ESMTP id 88B7812AF7A for <trans@ietf.org>; Fri, 22 Mar 2019 13:30:58 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [192.36.171.202]) by smtp1.kau.se (Postfix) with ESMTP id BC76A1802534; Fri, 22 Mar 2019 21:30:46 +0100 (CET)
Received: from Exch-A1.personal.kau (exch-a1.kau.se [130.243.19.82]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x2MKUjYu077628 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Fri, 22 Mar 2019 21:30:45 +0100
Received: from home (130.243.27.149) by Exch-A1.personal.kau (130.243.19.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1591.10; Fri, 22 Mar 2019 21:30:45 +0100
Date: Fri, 22 Mar 2019 21:30:38 +0100
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
To: Devon O'Brien <devon.obrien@gmail.com>
CC: Evgeny <xramtsov@gmail.com>, eranm@google.com, trans@ietf.org
Message-ID: <20190322203038.pvirayepwbgrvkwz@home>
References: <1553165248.1179.0@smtp.gmail.com> <CALzYgEfEgO2R_SwsAE-UtqV0rPAX9trcREt2jCTw_i1OHsXQFg@mail.gmail.com> <1553186500.1179.1@smtp.gmail.com> <1553195698.1179.2@smtp.gmail.com> <20190322164812.jajis3kx6qbxn25f@work> <CAPpiK7WEHsFnt2iy64k==7q58ok8A4rYMgWRrfwJ6O-20MJdzQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAPpiK7WEHsFnt2iy64k==7q58ok8A4rYMgWRrfwJ6O-20MJdzQ@mail.gmail.com>
User-Agent: NeoMutt/20171215
X-Originating-IP: [130.243.27.149]
X-ClientProxiedBy: Exch-A3.personal.kau (130.243.19.84) To Exch-A1.personal.kau (130.243.19.82)
X-Bayes-Prob: 0.9999 (Score 5, tokens from: outbound, outbound-kau-se:default, kau-se:default, base:default, @@RPTN)
X-p0f-Info: os=Windows 7 or 8, link=Ethernet or modem
X-CanIt-Geo: ip=130.243.27.149; country=SE; latitude=59.3247; longitude=18.0560; http://maps.google.com/maps?q=59.3247,18.0560&z=6
X-CanItPRO-Stream: outbound-kau-se:outbound (inherits from outbound-kau-se:default, kau-se:default, base:default)
X-Canit-Stats-ID: 0aXP8uJst - 2e6a9ccc722d - 20190322
X-Antispam-Training-Forget: https://mailfilter.sunet.se/canit/b.php?c=f&i=0aXP8uJst&m=2e6a9ccc722d&rlm=outbound-kau-se&t=20190322
X-Antispam-Training-Nonspam: https://mailfilter.sunet.se/canit/b.php?c=n&i=0aXP8uJst&m=2e6a9ccc722d&rlm=outbound-kau-se&t=20190322
X-Antispam-Training-Phish: https://mailfilter.sunet.se/canit/b.php?c=p&i=0aXP8uJst&m=2e6a9ccc722d&rlm=outbound-kau-se&t=20190322
X-Antispam-Training-Spam: https://mailfilter.sunet.se/canit/b.php?c=s&i=0aXP8uJst&m=2e6a9ccc722d&rlm=outbound-kau-se&t=20190322
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=kau.se; h=date:from:to :cc:subject:message-id:references:mime-version:content-type :in-reply-to; s=canit; bh=JsDFy4Bt60y7k9r8192pm7Q9fmw8y+9Cs8BeTV dFujw=; b=Qb+9vFgmEv+b3vRhEJSWRBeEJ/D13KvA45ndnreDVnj5ttxFiY3wLp zlCIVvy+ne+sbJI4svdzVOS3ag4rxrwAOAVhM0X+8qJWpCje/x8AYVTTjT6HTaEN WDTqWDfq2+chp2ZX9d9saTd7lm2CiJotXbTym7HqTh8WnuXVMJ42EN0WIhDnmh7S N6fBliE5YoGGnLqvqgGdOxoqGQv2EZk3uyFprUWyBRqI+oYwgdGxPbFmzad9Bfcd UACpSwThQZHddaP5z8VjEolYY37icItptLM3UDAcg6hCuP4qhfcIE5rQNqa/OcKR wZO7izMegj9YJ6YPzwjgQSlSpKDdFjJQ==
X-Scanned-By: CanIt (www . roaringpenguin . com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/H2h-ImGXheoDkSGRmRkNdkdNmws>
Subject: Re: [Trans] Long Poll
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2019 20:31:02 -0000
Thanks, both for the link and your suggestion to bring this to Chrome's CT policy mailing list. One of the reasons why I thought it was relevant to bring up here is the fact that the draft developed by Nordberg, Gillmor and Ritter depends on a sound STH frequency to preserve privacy [2]. 2: https://datatracker.ietf.org/doc/draft-ietf-trans-gossip/ /R On Fri, Mar 22, 2019 at 12:38:36PM -0700, Devon O'Brien wrote: > The capability to incorporate certificate logging requests, and therefore > mint substantially more frequent STHs is an artifact of the new codebase > that these CT Logs are running on. The migration was performed in November > [1] as you have observed, and was undertaken to increase reliability and > availability of these CT Logs. Frequent STHs are compliant with both RFC > 6962 and the relevant CT-enforcing user agent policies, but if this > behavior is actively harmful, discussion on ct-policy@chromium.org is > probably the most reliable venue for discussing changes that are outside > the scope of RFC 6962, as this will be visible to Log Operators, CAs, and > Browsers/UAs. > > [1] > https://groups.google.com/a/chromium.org/d/msg/ct-policy/-AGqeW5r7ck/4M6BB9CEAQAJ > > On Fri, Mar 22, 2019 at 9:48 AM Rasmus Dahlberg <rasmus.dahlberg@kau.se> > wrote: > > > Hi, > > > > You could fetch the latest STH periodically based on how often a log can > > produce > > it: see MMD and STH frequency in Section 4.1. For example, checking once > > per > > hour makes sense if a log's MMD is 24 hours and its STH frequency is 24. > > If you > > are looking to fetch STHs today, i.e., from a log that is not CT/bis > > compliant, > > you could learn how often STHs are normally produced by some initial > > polling > > tests. Another option is to simply pick an interval that suits your needs, > > preferably without being to aggressive based on how often STHs are > > produced. > > > > On the topic of STH frequency, have anyone else noticed that Google's > > Icarus, > > Pilot, Rocketeer and Skydiver logs switched from one hour STH interarrival > > times > > to nearly instant updates somewhere around November 2018? Try fetching one > > hundred STHs back-to-back: most tree sizes will be unique. > > > > If anyone knows what motivated this change I would happily be pointed in > > the > > right direction. As many of you know, such high STH frequencies can cause > > a lot > > of friction while experimenting and deploying various forms of > > gossip/auditing. > > > > /R > > > > On Thu, Mar 21, 2019 at 10:14:58PM +0300, Evgeny wrote: > > > On Thu, Mar 21, 2019 at 7:41 PM, Evgeny <xramtsov@gmail.com> wrote: > > > > Like while(0) {... sleep(1)}? > > > > > > Oops, it should have been while(1) of course :) > > > > > > _______________________________________________ > > > Trans mailing list > > > Trans@ietf.org > > > https://www.ietf.org/mailman/listinfo/trans > > > > _______________________________________________ > > Trans mailing list > > Trans@ietf.org > > https://www.ietf.org/mailman/listinfo/trans > >
- [Trans] Long Poll Evgeny
- Re: [Trans] Long Poll Eran Messeri
- Re: [Trans] Long Poll Evgeny
- Re: [Trans] Long Poll Evgeny
- Re: [Trans] Long Poll Rasmus Dahlberg
- Re: [Trans] Long Poll Evgeny
- Re: [Trans] Long Poll Devon O'Brien
- Re: [Trans] Long Poll Rasmus Dahlberg