Opened 6 years ago

Closed 5 years ago

#175 closed defect (fixed)

Clarify guarantees around MMD, STH age

Reported by: rlb@… Owned by: eranm@…
Priority: major Milestone: review
Component: rfc6962-bis Version:
Severity: - Keywords:


The TreeHeadDataV2 struct includes a timestamp, which is the only entropy that
the log can use to create different STHs per request (and thus fingerprint
users). The timestamp is supposed to indicate that the STH was generated after
the corresponding entries, but that seems more strongly indicated by the tree
head itself.

Change History (6)

comment:1 Changed 6 years ago by rob.stradling@…

  • Component changed from client-behavior to to-be-decided

comment:2 Changed 5 years ago by eranm@…

  • Component changed from to-be-decided to rfc6962-bis

The timestamp is needed to prove that a given STH was issued after a given SCT was issued and, if the MMD has passed, then it's a timestamped commitment to the presence of the entry in the log.

However the STH is also used for log liveliness check: Log must return an STH that's no older than current time-MMD.

Suggested way to address this ticket is to highlight that it may take up to twice the MMD to observe a commitment from the log on the inclusion of a given entry, in the Security Considerations section.

comment:3 Changed 5 years ago by eranm@…

  • Summary changed from Remove `timestamp` from STH? to Clarify guarantees around MMD, STH age

comment:4 Changed 5 years ago by eranm@…

  • Owner changed from draft-ietf-trans-rfc6962-bis@… to eranm@…
  • Status changed from new to assigned

comment:6 Changed 5 years ago by melinda.shore@…

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.