system-transparency / stfe
Trillian personality that implements the Signature Transparency Logging API
License: Apache License 2.0
Sharding is described in our design document and API specification. It is currently not enforced, however. Any shard hint is accepted by the log.
Possible steps to enforce sharding:
An anti-spam mechanism is briefly described in our design document and API specification. It is currently not enforced, however. As a first step we need to enforce domain hints.
Possible steps to enforce domain hints:
All server configuration is done through "go flags", i.e. command arguments to the program. This is good for configuration settings which last through the lifetime of an invocation of a log instance, i.e. from launch to Ctrl-C. Examples: --http_endpoint, --key. It's less good for settings that change over time. Example: --witnesses.
Reading a configuration file at start and when receiving, say, SIGHUP, is an alternative.
Implementing a "control port", typically a TCP endpoint, where an administrator can "program" the log instance is another alternative. Such an interface can also be used for diagnostics.
First bullet list:
"A signature that covers checksum and identifier using the submitter's secret signing key."
(1) I think it would be good to clarify that it is a cryptographic signature, to distinguish from the checksum
(2) The word "covers" is a bit ambiguous. I suggest you clarify what it means in this context.
The process of shutting down a log will likely consist of at least two steps:
The first step requires some form of read-only mode. For example:
For inspiration we can also look at certificate transparency, see CTFE.
If I recall correctly an Ed25519 signature has 3 bits that should always be zero. What happens if any of the 3 bits are not zero during signature verification? It probably depends on the implementation. I would expect that the signature is rejected. However, a possible behavior that I would not expect is that the three bits are zeroed ("fixed").
We need the signature to be rejected; not fixed. Otherwise it is possible to replay a logged entry several times by enumerating the remaining bit patterns. Replays are bad for the log (overhead). Replays are also bad for the legitimate submitter because it will eat into their rate limit (DoS vector).
It would be great if anyone could:
After a quick look this might be the place to understand:
https://cs.opensource.google/go/go/+/refs/tags/go1.16.4:src/crypto/ed25519/ed25519.go;l=208
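An added check for the question raised in the issue above, not part of the original issue or of the stfe code base: it asks Go's crypto/ed25519 whether a valid signature is still accepted after any of the three high bits of its last byte is set, and goes one step beyond the issue by also testing the non-canonical encoding S+L. The all-zero seed and the message are constructed, and the function names are illustrative.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Ed25519 group order L, little-endian (RFC 8032).
var orderL = [32]byte{0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
	0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 31: 0x10}

// variants returns altered copies of a signature that a lenient verifier
// might "fix" back to the original: the seven non-zero patterns of the top
// three bits of the last byte, plus the scalar half S replaced by S+L.
func variants(sig []byte) [][]byte {
	var out [][]byte
	for p := byte(1); p < 8; p++ {
		v := append([]byte(nil), sig...)
		v[63] |= p << 5
		out = append(out, v)
	}
	v := append([]byte(nil), sig...)
	carry := 0
	for i := 0; i < 32; i++ { // little-endian S = S + L; fits in 32 bytes
		sum := int(v[32+i]) + int(orderL[i]) + carry
		v[32+i], carry = byte(sum), sum>>8
	}
	return append(out, v)
}

// check signs a constructed message with a constructed all-zero seed (demo
// only) and reports whether the original signature verifies and how many of
// the altered signatures ed25519.Verify accepts. The log needs that count
// to be zero, otherwise one logged entry could be resubmitted as "new".
func check() (bool, int) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	msg := []byte("constructed message")
	sig := ed25519.Sign(priv, msg)
	accepted := 0
	for _, v := range variants(sig) {
		if ed25519.Verify(pub, msg, v) {
			accepted++
		}
	}
	return ed25519.Verify(pub, msg, sig), accepted
}

func main() {
	ok, n := check()
	fmt.Printf("original valid: %v, altered signatures accepted: %d of 8\n", ok, n)
}
```

Running this as a regression test in the log's CI would flag a Go upgrade or a library swap that changes the rejection behaviour.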
An anti-spam mechanism is briefly described in our design document and API specification. One part of it is based on DNS, see #8. The other part is to apply rate limits for the respective second-level domain names.
Trillian supports something like this already. Relevant links:
charge_to option.
Some minor nits on the README
The first bullet in the first list: "A checksum that covers something opaque, e.g., an executable binary."
(1) "Covers" is not a well defined word (I think) when it comes to checksums. I would suggest "represents".
(2) "something opaque" -> "a data item of opaque type"?
(3) "e.g., an executable binary". The text before the bullet gives examples that are not executable binaries. This seems like a surprising limitation.
When using HTTP GET for a POST endpoint or vice versa, HTTP status code 405 is returned by the server. According to RFC2616 an Allow header MUST be included in the response.