Re: [Trans] Providing the history of STHs a log has issued (in 6962-bis)

Nick Sullivan <nick@cloudflare.com> Thu, 04 May 2017 19:21 UTC

From: Nick Sullivan <nick@cloudflare.com>
Date: Thu, 04 May 2017 19:20:47 +0000
Message-ID: <CAFDDyk93AcRsCTmt+EPO6VFn-Y4D8g1ETTdGuJrtVk3rH7Xnxg@mail.gmail.com>
To: Andrew Ayer <agwa@andrewayer.name>, Eran Messeri <eranm@google.com>
Cc: "trans@ietf.org" <trans@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/ZhE08ejwe3uAwCuD25PxCTPoMI0>

I'm also in favor of this change. I would further suggest that this list be
required to be consistent, monotonically increasing and that the results of
this API be something that monitors exchange information about.

On Thu, May 4, 2017 at 8:28 AM Andrew Ayer <agwa@andrewayer.name> wrote:

> On Thu, 4 May 2017 13:41:59 +0100
> Eran Messeri <eranm@google.com> wrote:
>
> > I'm looking for feedback on the proposal to add an API endpoint which
> > would provide access to historical STHs issued by the log (
> > https://trac.ietf.org/trac/trans/ticket/163).
> >
> > I personally think it's a good idea to have such an API since it'd
> > allow auditing a log for past compliance with the MMD requirement.
> >
> > Rob Stradling has sent a PR
> > <https://github.com/google/certificate-transparency-rfcs/pull/200/>
> > for this.
>
> I support adding this endpoint, and I think it should be mandatory.
>
> In addition to helping monitors, this endpoint would allow a TLS client
> vendor (e.g. Mozilla) to aggregate all the STHs for a log and ship them
> in bulk to clients so that clients can easily verify a stapled
> inclusion proof without needing to make any network access.  That
> should please Mozilla.
>
> Regards,
> Andrew
>
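An added example (not from this thread, the PR, or the 6962-bis draft) of the checks a monitor could run over a log's STH history along the lines Nick suggests: tree sizes never shrink, timestamps never go backwards, two STHs of the same size agree on the root, and each root matches the RFC 6962 Merkle Tree Hash of the corresponding prefix of entries the monitor has already fetched. The STH dataclass, the check function and the sample entries are constructed for this example; a monitor that has not fetched the entries would verify consistency proofs between successive STHs instead.

```python
import hashlib
from dataclasses import dataclass

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def mth(leaves: list) -> bytes:
    """RFC 6962 Merkle Tree Hash: 0x00 prefixes a leaf, 0x01 an interior node."""
    n = len(leaves)
    if n == 0:
        return _h(b"")
    if n == 1:
        return _h(b"\x00" + leaves[0])
    k = 1 << ((n - 1).bit_length() - 1)   # largest power of two smaller than n
    return _h(b"\x01" + mth(leaves[:k]) + mth(leaves[k:]))

@dataclass(frozen=True)
class STH:   # constructed for this example; signature checking is out of scope here
    tree_size: int
    timestamp: int   # milliseconds since the epoch, as in RFC 6962
    root_hash: bytes

def check_sth_history(sths: list, entries: list) -> list:
    """Return the problems found in a log's STH history (empty list = history OK).
    entries: every leaf input the monitor has fetched from the log, in log order."""
    problems = []
    for i, sth in enumerate(sths):
        if sth.tree_size > len(entries):
            problems.append(f"STH {i}: tree_size {sth.tree_size} beyond fetched entries")
        elif sth.root_hash != mth(entries[: sth.tree_size]):
            problems.append(f"STH {i}: root hash does not match the first {sth.tree_size} entries")
        if i == 0:
            continue
        prev = sths[i - 1]
        if sth.tree_size < prev.tree_size:
            problems.append(f"STH {i}: tree_size shrank from {prev.tree_size}")
        if sth.timestamp < prev.timestamp:
            problems.append(f"STH {i}: timestamp went backwards")
        if sth.tree_size == prev.tree_size and sth.root_hash != prev.root_hash:
            problems.append(f"STH {i}: same tree_size as STH {i - 1} but a different root (fork)")
    return problems

def demo():
    """Constructed sample data: five leaf inputs and two candidate STH histories."""
    entries = [f"leaf-{i}".encode() for i in range(5)]
    good = [STH(2, 1000, mth(entries[:2])), STH(3, 2000, mth(entries[:3])),
            STH(5, 3000, mth(entries[:5]))]
    # Same size as the previous STH, but committing to a rewritten entry: a split view
    forged = good[:2] + [STH(3, 2500, mth(entries[:2] + [b"rewritten"]))]
    return check_sth_history(good, entries), check_sth_history(forged, entries)
```

Monitors exchanging these histories with each other (as Nick proposes) would also compare roots for equal tree sizes across the copies each of them fetched, which catches a log that serves different histories to different parties.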