Opened 5 years ago

Last modified 4 years ago

#160 assigned enhancement

New get-sths API for fetching all STHs in a given time range

Reported by: rob.stradling@…
Owned by: rob.stradling@…
Priority: minor
Milestone:
Component: to-be-decided
Version:
Severity: -
Keywords:
Cc:

Description

Paul Hadfield wrote:
"I have been thinking about how an
auditor’s task might be easier if Logs were required to retain their
historic STHs and provide them on request. It could be done by adding
an API along the lines of ‘get-sth-at-time’ or ‘get-sths-between-times’.
(where the first returns the STH with largest timestamp <= the timestamp
requested, and the second returns a list of STHs with timestamps in
the range requested).
Auditors could then retrieve the full STH history of a log without having
to have collected them over an extended period of time or having to
exchange them with other auditors - although verifying STHs gathered
by other parties is still worthwhile to detect split views."

Benjamin Kaduk wrote:
"It does seem like a useful feature, yes. But that utility should probably
be weighed against the added cost for the log operator, which now has to
retain STH history and provide code to service the new requests.
That extra cost is probably not very large, but it would be nice to have
other opinions confirming that."

Eran wrote (off list) that he would want this proposed API to be optional for logs to implement.
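
As an added illustration (not part of the ticket or of the linked PR), the two lookups proposed above can be sketched over a log's retained STH history, together with the split-view comparison an auditor would still run against STHs gathered by other parties. The class and function names, the inclusive range bounds and the sample STH values are assumptions made for this example; signature verification is omitted.

```python
from bisect import bisect_left, bisect_right
from typing import NamedTuple, Optional


class STH(NamedTuple):
    timestamp: int   # milliseconds since the epoch, as in RFC 6962
    tree_size: int
    root_hash: str   # hex string; sample values below are constructed


class STHHistory:
    """Log-side store of every STH issued, kept sorted by timestamp."""

    def __init__(self, sths):
        self._sths = sorted(sths)
        self._times = [s.timestamp for s in self._sths]

    def get_sth_at_time(self, t: int) -> Optional[STH]:
        # STH with the largest timestamp <= t; None if t predates the first STH.
        i = bisect_right(self._times, t)
        return self._sths[i - 1] if i else None

    def get_sths_between_times(self, start: int, end: int) -> list:
        # Assumption: both bounds are inclusive (the ticket does not say).
        lo = bisect_left(self._times, start)
        hi = bisect_right(self._times, end)
        return self._sths[lo:hi]


def find_split_views(history, gossiped):
    """Return (ours, theirs) pairs with equal tree_size but different root_hash."""
    by_size = {s.tree_size: s for s in history}
    return [(by_size[g.tree_size], g) for g in gossiped
            if g.tree_size in by_size
            and by_size[g.tree_size].root_hash != g.root_hash]


# Constructed sample data: four STHs retained by the log, two received from a peer.
LOG = STHHistory([
    STH(1000, 10, "aa" * 32),
    STH(2000, 25, "bb" * 32),
    STH(3000, 25, "bb" * 32),   # re-signed with no new entries
    STH(4000, 40, "cc" * 32),
])
GOSSIPED = [STH(2000, 25, "bb" * 32), STH(4100, 40, "dd" * 32)]

if __name__ == "__main__":
    print(LOG.get_sth_at_time(2500))
    print(find_split_views(LOG.get_sths_between_times(0, 5000), GOSSIPED))
```
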

Change History (4)

comment:1 Changed 5 years ago by rob.stradling@…

  • Owner changed from draft-ietf-trans-rfc6962-bis@… to rob.stradling@…
  • Status changed from new to assigned

I don't yet know if this'll make it into 6962-bis, but I've prepared a PR:
https://github.com/google/certificate-transparency-rfcs/pull/200

comment:2 Changed 5 years ago by eranm@…

  • Component changed from rfc6962-bis to to-be-decided

Moving to a TBD component since there was no consensus for getting into -bis; it's currently pending in the PR.

comment:3 Changed 4 years ago by eranm@…

  • Component changed from to-be-decided to rfc6962-bis

Given recent support for this feature (https://www.ietf.org/mail-archive/web/trans/current/msg02865.html), moving to the -bis component.

comment:4 Changed 4 years ago by eranm@…

  • Component changed from rfc6962-bis to to-be-decided

Changing component to TBD because there was no consensus around adding that, and some consensus around not having it:
https://www.ietf.org/mail-archive/web/trans/current/msg02962.html
