Re: [Trans] What's the load on a CT log?

Ben Laurie <benl@google.com> Thu, 13 March 2014 17:54 UTC

Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B45C01A0A36 for <trans@ietfa.amsl.com>; Thu, 13 Mar 2014 10:54:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id istFR6FtUUr5 for <trans@ietfa.amsl.com>; Thu, 13 Mar 2014 10:54:22 -0700 (PDT)
Received: from mail-vc0-x233.google.com (mail-vc0-x233.google.com [IPv6:2607:f8b0:400c:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id 664D11A0A0F for <trans@ietf.org>; Thu, 13 Mar 2014 10:54:22 -0700 (PDT)
Received: by mail-vc0-f179.google.com with SMTP id ij19so1512186vcb.38 for <trans@ietf.org>; Thu, 13 Mar 2014 10:54:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=OKCZwQ6Vz2/SdbOSNNp1Gv517JQWB7Z+vqzkQics45U=; b=pUMeqK3NnpEDjMETkxSrD0Zo3/IJIFHYjADq41oxa/Nm1u5SGIDgQXqS5DvTeFT3f+ VFLA6DuyQynr7RDVsp4OY8pc8K6eCuZ11B3H7yKVnyOTx1qoPVaJ+cqnyQct60q2Gls0 WbprwPVzGEU01650y9SwpDi3pCs5wmpkw6UpsbMWujG3fMsaa6BuD3py0amlU7s5OkiW OVjvCOklVC0+2uz0br/h+WgXfuNreSOOfYfCbjqQLZlzbzDNMkkyem8sddM4sSOO8IWP t/ODGDFVBu4yKvRAVJ8M7x1ZJ3gr43h+aqGNUA5k7ur7u2lgiiRahyn140nBEdzdklFQ jcLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=OKCZwQ6Vz2/SdbOSNNp1Gv517JQWB7Z+vqzkQics45U=; b=b3VBs23w9Loiklt6vZLGud3zS90bDhJJpIWTjKfI2/BOyXJkYjeXL8u0mv7agZWHDP wJJ+q3dWWkkgjIoIUdUJ9fnWgM+82SFSxdmHccOYD+ic7IYIXtRmTxT0rbohYKowW8Tc mS+fvDsBkdAc259VDy9aYgA+tz/Ux97mSlmZeCdyrOXAfkRHZzBdYiPmE/kZbou+Jf8S AWt2G/WBNjYeYxyHIZs6a77aTY8cj1oFzS8G1bhEo2V0m1vAJL1TmeH5ksTlVw69K9kF a+0+q+E3Vb6Hu/r9+5th+0bGPiUxeVGjmzEMwdQgVGDg2LnsSGvW+US4KesC0f3vWQf/ 74KQ==
X-Gm-Message-State: ALoCoQndy8NJlyT9L47LMKZqTZT7p8vu0gduAHrGj53hlG5Q8CxX3WEQA4GpyrBFkLqjEgh7nlMFLqW+6ebirPZ6rDRxAj4WcvCe8saTUfCqG/SD0D9uk5qzU3ZdYmCnKhmgiK0oC03ML2LKDWfSEVwt+FW3+rCe0ez4D7lX2NMlP3oRrRT27I9Szq5NKQghN2imSX39CHhG
MIME-Version: 1.0
X-Received: by 10.221.29.196 with SMTP id rz4mr2548925vcb.8.1394733255665; Thu, 13 Mar 2014 10:54:15 -0700 (PDT)
Received: by 10.52.230.105 with HTTP; Thu, 13 Mar 2014 10:54:15 -0700 (PDT)
In-Reply-To: <5321DD69.2040805@fifthhorseman.net>
References: <CABrd9SR4G6hEUEW9yHLyS40Km3+jmK8K-tEjLMjLqN1M+Go_=g@mail.gmail.com> <5321DD69.2040805@fifthhorseman.net>
Date: Thu, 13 Mar 2014 17:54:15 +0000
Message-ID: <CABrd9SSsGENdO9duWoYKKeSfmKqNupWpFgfZu1G_dHZPB+Qfow@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/u1bW-U6v0ULF-hEDW13jvsQ7saA
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, "trans@ietf.org" <trans@ietf.org>, "certificate-transparency@googlegroups.com" <certificate-transparency@googlegroups.com>, CABFPub <public@cabforum.org>
Subject: Re: [Trans] What's the load on a CT log?
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Mar 2014 17:54:23 -0000

On 13 March 2014 16:31, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> And i agree this seems like a win.  Why was the API broken into three
> parts instead of the complete proof originally?  what (other than
> conceptual cleanliness) might we lose by creating the optimized API?

Forgot to answer this part - it was broken up purely for conceptual
cleanness. I'd probably leave the independent APIs but introduce a new
do-everything-at-once API.

There are actually good reasons to combine them anyway when you're
looking at a load-balanced setup (skew between servers may cause some
calls to fail - e.g. I get an STH from one server, then try to get
audit against that STH from another that is slightly behind, which
will fail).