Re: [Trans] Long Poll

Rasmus Dahlberg <rasmus.dahlberg@kau.se> Fri, 22 March 2019 20:31 UTC

Date: Fri, 22 Mar 2019 21:30:38 +0100
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
To: Devon O'Brien <devon.obrien@gmail.com>
CC: Evgeny <xramtsov@gmail.com>, eranm@google.com, trans@ietf.org
Message-ID: <20190322203038.pvirayepwbgrvkwz@home>
References: <1553165248.1179.0@smtp.gmail.com> <CALzYgEfEgO2R_SwsAE-UtqV0rPAX9trcREt2jCTw_i1OHsXQFg@mail.gmail.com> <1553186500.1179.1@smtp.gmail.com> <1553195698.1179.2@smtp.gmail.com> <20190322164812.jajis3kx6qbxn25f@work> <CAPpiK7WEHsFnt2iy64k==7q58ok8A4rYMgWRrfwJ6O-20MJdzQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/H2h-ImGXheoDkSGRmRkNdkdNmws>
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

Thanks, both for the link and your suggestion to bring this to Chrome's
CT policy mailing list. One of the reasons why I thought it was relevant to
bring up here is the fact that the draft developed by Nordberg, Gillmor
and Ritter depends on a sound STH frequency to preserve privacy [2].

2: https://datatracker.ietf.org/doc/draft-ietf-trans-gossip/

/R

On Fri, Mar 22, 2019 at 12:38:36PM -0700, Devon O'Brien wrote:
> The capability to incorporate certificate logging requests, and therefore
> mint substantially more frequent STHs is an artifact of the new codebase
> that these CT Logs are running on. The migration was performed in November
> [1] as you have observed, and was undertaken to increase reliability and
> availability of these CT Logs. Frequent STHs are compliant with both RFC
> 6962 and the relevant CT-enforcing user agent policies, but if this
> behavior is actively harmful, discussion on ct-policy@chromium.org is
> probably the most reliable venue for discussing changes that are outside
> the scope of RFC 6962, as this will be visible to Log Operators, CAs, and
> Browsers/UAs.
> 
> [1]
> https://groups.google.com/a/chromium.org/d/msg/ct-policy/-AGqeW5r7ck/4M6BB9CEAQAJ
> 
> On Fri, Mar 22, 2019 at 9:48 AM Rasmus Dahlberg <rasmus.dahlberg@kau.se>
> wrote:
> 
> > Hi,
> >
> > You could fetch the latest STH periodically based on how often a log can
> > produce it: see MMD and STH frequency in Section 4.1.  For example,
> > checking once per hour makes sense if a log's MMD is 24 hours and its STH
> > frequency is 24. If you are looking to fetch STHs today, i.e., from a log
> > that is not CT/bis compliant, you could learn how often STHs are normally
> > produced by some initial polling tests. Another option is to simply pick
> > an interval that suits your needs, preferably without being too
> > aggressive based on how often STHs are produced.
> >
> > On the topic of STH frequency, has anyone else noticed that Google's
> > Icarus, Pilot, Rocketeer and Skydiver logs switched from one hour STH
> > interarrival times to nearly instant updates somewhere around November
> > 2018?  Try fetching one hundred STHs back-to-back: most tree sizes will
> > be unique.
> >
> > If anyone knows what motivated this change I would happily be pointed in
> > the right direction. As many of you know, such high STH frequencies can
> > cause a lot of friction while experimenting and deploying various forms
> > of gossip/auditing.
> >
> > /R
> >
> > On Thu, Mar 21, 2019 at 10:14:58PM +0300, Evgeny wrote:
> > > On Thu, Mar 21, 2019 at 7:41 PM, Evgeny <xramtsov@gmail.com> wrote:
> > > > Like while(0) {... sleep(1)}?
> > >
> > > Oops, it should have been while(1) of course :)
> >
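
The polling advice in the quoted message, as an added example that is not part of the original thread: it derives a poll interval either from a log's MMD and STH frequency or from initial polling tests, and measures how many fetched tree sizes are unique. The function names, the constructed get-sth responses and the 60-second floor are assumptions made for illustration.

```python
import json
from statistics import median

def make_sth(ts_ms, size):
    """Constructed get-sth response body using the RFC 6962 field names."""
    return json.dumps({"tree_size": size, "timestamp": ts_ms,
                       "sha256_root_hash": "<placeholder>",
                       "tree_head_signature": "<placeholder>"})

T0 = 1553284800000  # constructed start time, milliseconds since the epoch
# Nine fetches spread over a few hours from a log that mints one STH per hour.
HOURLY = [make_sth(T0 + 3_600_000 * (i // 3), 1000 + 50 * (i // 3)) for i in range(9)]
# Ten back-to-back fetches from a log that mints an STH every two seconds.
FAST = [make_sth(T0 + 2_000 * i, 5000 + 3 * i) for i in range(10)]

def distinct_sths(responses):
    """Collapse repeated fetches of the same STH; return them in timestamp order."""
    seen = {}
    for raw in responses:
        sth = json.loads(raw)
        seen[(sth["timestamp"], sth["tree_size"])] = sth
    return [seen[key] for key in sorted(seen)]

def unique_tree_size_ratio(responses):
    """Fraction of fetches that returned a tree size not seen in the other fetches."""
    sizes = [json.loads(raw)["tree_size"] for raw in responses]
    return len(set(sizes)) / len(sizes)

def interarrival_seconds(responses):
    """Seconds between consecutive distinct STHs, from the log's own timestamps."""
    stamps = [sth["timestamp"] for sth in distinct_sths(responses)]
    return [(b - a) / 1000 for a, b in zip(stamps, stamps[1:])]

def poll_interval(mmd_hours=None, sth_frequency=None, responses=None, floor_s=60):
    """Seconds to wait between get-sth calls, never below floor_s (assumed floor)."""
    if mmd_hours and sth_frequency:
        # The log advertises its limits: at most sth_frequency STHs per MMD.
        interval = mmd_hours * 3600 / sth_frequency
    elif responses and len(distinct_sths(responses)) > 1:
        # No advertised limits: estimate from initial polling tests.
        interval = median(interarrival_seconds(responses))
    else:
        raise ValueError("need MMD and STH frequency, or at least two distinct STHs")
    return max(floor_s, interval)

if __name__ == "__main__":
    print("MMD 24h, frequency 24:", poll_interval(mmd_hours=24, sth_frequency=24))
    print("hourly log, observed:", poll_interval(responses=HOURLY))
    print("fast log, observed:", poll_interval(responses=FAST),
          "unique tree sizes:", unique_tree_size_ratio(FAST))
```
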