Re: [Trans] Removal of STH from get-entries response

Eran Messeri <eranm@google.com> Wed, 03 May 2017 16:59 UTC

From: Eran Messeri <eranm@google.com>
Date: Wed, 03 May 2017 17:57:24 +0100
To: Andrew Ayer <agwa@andrewayer.name>
Cc: "trans@ietf.org" <trans@ietf.org>
In-Reply-To: <20170503093845.828d3c193389cd71c3157d3b@andrewayer.name>
Message-ID: <CALzYgEfMCjFyMO+X5J4SRoehCyiiHSa1wCg42A-TwznvEG70tg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/Wg2S3qU_XCYBY-WEtVfULsRfOAc>
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

Thanks for the feedback - I've reverted this change now, due to your and
Ben's objections (there were no objections to these changes at the trans
meeting, hence why I thought there was consensus for them).
Given there's a clear, concrete use for having this field in the
get-entries response, I proposed closing tickets 168
<https://trac.ietf.org/trac/trans/ticket/168> and 169
<https://trac.ietf.org/trac/trans/ticket/169> as wontfix.

On Wed, May 3, 2017 at 5:38 PM, Andrew Ayer <agwa@andrewayer.name> wrote:

> I just noticed that
> https://github.com/google/certificate-transparency-rfcs/pull/233 was
> merged, removing the STH from the get-entries response.
>
> I am opposed to this change.  The STH was added to the get-entries
> response to address skew between log frontends, a problem that arises
> today with RFC6962 deployments.  Regularly, the Google CT logs will
> advertise a particular STH to my monitor, but fail to return entries
> all the way to that STH because the get-entries request is serviced by
> a different frontend which is lagging behind.  When this happens, my
> monitor cannot authenticate the entries it just received, so it has to
> discard all of them and download them again later.  This is a waste of
> bandwidth and slows down my monitor.  Returning the latest STH with the
> get-entries response would allow my monitor to authenticate the entries
> and make forward progress.
>
> If the STH is removed from the get-entries response, this problem needs
> to be addressed a different way, such as by forbidding logs from
> exhibiting skew.  I suspect that the Google log operators wouldn't
> like that.
>
> The same argument applies to the removal of the STH from the
> get-sth-consistency response
> (https://github.com/google/certificate-transparency-rfcs/pull/237),
> which I also oppose.
>
> What is the plan for the remaining PRs?  If folks have comments, should
> we be sending them to the list now?
>
> Regards,
> Andrew
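The frontend-skew problem Andrew describes, as an added illustration that is not part of this thread and not code from any CT log or monitor: a constructed log with two frontends, one of which lags behind, and a monitor that tries to authenticate a get-entries batch first the RFC 6962 way (only the separately fetched STH is available) and then with the STH carried in the get-entries response. The Merkle tree hashing follows RFC 6962 section 2.1; everything else (the `Frontend` class, the entry contents, the absence of STH signatures, timestamps and a maximum batch size) is a simplifying assumption made for the example.

```python
import hashlib

# --- RFC 6962 section 2.1 Merkle tree hashing ---

def leaf_hash(entry: bytes) -> bytes:
    """Leaf hash: SHA-256(0x00 || entry). The domain-separation byte keeps a
    leaf from being interpreted as an interior node."""
    return hashlib.sha256(b"\x00" + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Interior node hash: SHA-256(0x01 || left || right)."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def merkle_tree_hash(entries) -> bytes:
    """MTH(D[n]): the empty tree hashes to SHA-256(""); otherwise split at the
    largest power of two strictly less than n and hash the two subtrees."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(entries[0])
    k = 1
    while k * 2 < n:
        k *= 2
    return node_hash(merkle_tree_hash(entries[:k]), merkle_tree_hash(entries[k:]))


# --- Constructed log with several frontends (simulation only: the STH is not
#     signed or timestamped, and there is no maximum batch size) ---

class Frontend:
    """One frontend of a log. It serves whatever prefix of the log it has
    replicated so far, so a lagging frontend reports a smaller tree_size."""

    def __init__(self, log_entries, tree_size):
        self.entries = list(log_entries[:tree_size])

    def get_sth(self):
        return {"tree_size": len(self.entries),
                "sha256_root_hash": merkle_tree_hash(self.entries)}

    def get_entries(self, start, end, include_sth=False):
        # RFC 6962 s4.6 allows fewer entries than requested; a lagging frontend
        # simply stops at its own tree size.
        resp = {"entries": self.entries[start:end + 1]}
        if include_sth:  # the field this thread is about
            resp["sth"] = self.get_sth()
        return resp


# --- Monitor logic ---

def accept_batch(local, batch, sth):
    """Authenticate local+batch against an STH by recomputing the root.
    Returns the new local view, or None if the batch cannot be authenticated.
    (A real monitor would first verify the STH signature under the log key.)"""
    candidate = local + batch
    if len(candidate) != sth["tree_size"]:
        return None  # cannot recompute the root for a different tree size
    if merkle_tree_hash(candidate) != sth["sha256_root_hash"]:
        return None
    return candidate


def sync_rfc6962(local, sth_frontend, entries_frontend):
    """RFC 6962 behaviour: the only STH the monitor has is the one it fetched
    separately, so a short batch from a lagging frontend is discarded."""
    sth = sth_frontend.get_sth()
    batch = entries_frontend.get_entries(len(local), sth["tree_size"] - 1)["entries"]
    accepted = accept_batch(local, batch, sth)
    return (accepted, "accepted") if accepted is not None else (local, "discarded")


def sync_with_response_sth(local, sth_frontend, entries_frontend):
    """With the STH in the get-entries response the batch is authenticated
    against the STH of the frontend that actually served it."""
    sth = sth_frontend.get_sth()
    resp = entries_frontend.get_entries(len(local), sth["tree_size"] - 1, include_sth=True)
    # Try the response STH first, then the advertised one, so a caught-up
    # frontend that omits the field still works.
    for candidate_sth in (resp.get("sth"), sth):
        if candidate_sth is None:
            continue
        accepted = accept_batch(local, resp["entries"], candidate_sth)
        if accepted is not None:
            return accepted, "accepted"
    return local, "discarded"


def demo():
    log = [b"cert-%d" % i for i in range(7)]  # constructed entries
    current = Frontend(log, 7)   # the frontend that answered get-sth
    lagging = Frontend(log, 5)   # the frontend that answers get-entries

    # RFC 6962: the 5 entries cannot be checked against STH(7), so no progress.
    view_a, why_a = sync_rfc6962([], current, lagging)
    # STH in the response: the 5 entries are accepted against STH(5) ...
    view_b, why_b = sync_with_response_sth([], current, lagging)
    # ... and the next round against a caught-up frontend reaches STH(7).
    view_c, why_c = sync_with_response_sth(view_b, current, current)
    return (len(view_a), why_a), (len(view_b), why_b), (len(view_c), why_c)


if __name__ == "__main__":
    print(demo())
```

Two things the simulation leaves out matter in practice: the STH returned with the batch must carry a valid signature from the log key, otherwise any frontend (or a man-in-the-middle) could hand the monitor an arbitrary root to "authenticate" against; and once the monitor holds two STHs for different tree sizes it should check that they are consistent (via a consistency proof, or by recomputation once it has all the entries, as the second round above effectively does), so that a frontend cannot quietly serve a fork.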