On Sat, Feb 16, 2013 at 1:55 PM, Ben Laurie <b...@google.com> wrote:
> On 16 February 2013 10:22, Phillip Hallam-Baker <hal...@gmail.com> wrote:
> > Sorry for the delay but I have been thinking of CT and in particular the
> > issues of
> >
> > * Latency for the CA waiting for a notary server to respond
> > * Business models for notary servers
> >
> > As a rule open source software works really well as the marginal cost of
> > production is zero. Open source services tend to sux because even though the
> > marginal cost of a service is negligible, large numbers times negligible
> > adds up to big numbers. Running a DNS server for a university department
> > costs very little, running it for the whole university starts to cost real
> > money and running a registry like .com with 99.9999% reliability ends up
> > with $100 million hardware costs.
> >
> > So the idea that I plug my business into a network of notary servers being
> > run by amateurs or as a community service is a non-starter for me. We have
> > to align the responsibility for running any server that the CA has a
> > critical dependency on with a business model.
>
> Note that we do not expect CAs to talk to _all_ log servers, only
> those that are appropriately responsive - and also note that a CA can
> fire off a dozen log requests in parallel and then just use the first
> three that come back, which would deal with any temporary log issues.
>
> We should probably add this ability to the open source stack at some point.
>
> > Looking at the CT proposal, it seems to me that we could fix the business
> > model issue and remove a lot of the CA operational issues as follows:
> >
> > 1) Each browser provider that is interested in enforcing a CT requirement
> > stands up a meta-notary server.
> >
> > 2) Each CA runs their own notary server and this is the only resource that
> > needs to have a check in at certificate issue.
>
> Isn't this part the only part that's actually needed? The
> meta-notaries seem like redundant extra complication (and also sound
> like they fulfil essentially the same role as monitors).
>
> I assume, btw, that by "notary server" you mean "log server"?
>
> Also, if a CA only uses its own log, what happens when it screws up
> and gets its log struck off the list of trusted logs? This is why we
> recommend some redundancy in log signatures.
That is the reason for checkpointing against meta notaries. Otherwise a CA might not actually release the logs.

--
Website: http://hallambaker.com/
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
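The submission pattern Ben Laurie describes above (fire off requests to many logs in parallel, keep the first few SCTs that arrive, and don't let one slow or dead log hold up issuance) as an added illustration; this is not code from the thread or from the CT open source stack. The `FakeLog` class, its latencies, the `CERT` bytes and the per-log keys are all constructed for the example, and the "SCT" here is an HMAC stand-in so the caller can check which log answered; a real log answers an add-chain request with an ECDSA-signed SCT as specified in RFC 6962.

```python
import asyncio
import hashlib
import hmac
import time
from dataclasses import dataclass


@dataclass
class FakeLog:
    """Constructed stand-in for a CT log: name, simulated latency, signing key."""
    name: str
    latency: float          # seconds before the log "answers"
    key: bytes              # constructed per-log key for the HMAC stand-in SCT
    down: bool = False      # a log that never answers usefully

    async def add_chain(self, cert: bytes) -> bytes:
        await asyncio.sleep(self.latency)
        if self.down:
            raise ConnectionError(f"{self.name} unreachable")
        return hmac.new(self.key, cert, hashlib.sha256).digest()


def verify_sct(log: FakeLog, cert: bytes, sct: bytes) -> bool:
    """Check that the stand-in SCT really came from this log's key."""
    expected = hmac.new(log.key, cert, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sct)


async def collect_scts(logs, cert: bytes, want: int, deadline: float) -> dict:
    """Submit cert to every log at once; return the first `want` SCTs by log name.

    Returns as soon as `want` SCTs are in hand, so a slow or dead log cannot
    delay issuance. Failed submissions are skipped (other logs may still
    answer). Raises TimeoutError if the deadline passes with too few SCTs.
    """
    tasks = {asyncio.create_task(log.add_chain(cert)): log for log in logs}
    scts: dict = {}
    start = time.monotonic()
    pending = set(tasks)
    try:
        while len(scts) < want and pending:
            remaining = deadline - (time.monotonic() - start)
            if remaining <= 0:
                break
            done, pending = await asyncio.wait(
                pending, timeout=remaining, return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                if task.exception() is None:
                    scts[tasks[task].name] = task.result()
    finally:
        # Drop the stragglers: we are not going to wait for them.
        for task in pending:
            task.cancel()
        await asyncio.gather(*pending, return_exceptions=True)
    if len(scts) < want:
        raise TimeoutError(f"only {len(scts)} of {want} SCTs before deadline")
    return scts


# Constructed inputs: one dead log and one that is far too slow.
CERT = b"constructed DER bytes for a leaf certificate"
LOGS = [
    FakeLog("log-a", 0.01, b"key-a"),
    FakeLog("log-b", 0.02, b"key-b"),
    FakeLog("log-c", 0.50, b"key-c"),             # responsive, but slow
    FakeLog("log-d", 0.005, b"key-d", down=True), # answers quickly with an error
    FakeLog("log-e", 0.03, b"key-e"),
]


def issue_with_scts(want: int, deadline: float):
    """One issuance attempt against the constructed logs; None if too few SCTs."""
    try:
        return asyncio.run(collect_scts(LOGS, CERT, want, deadline))
    except TimeoutError:
        return None


if __name__ == "__main__":
    got = issue_with_scts(want=3, deadline=0.3)
    print("SCTs from:", sorted(got))
```

With three SCTs wanted, the CA gets them from log-a, log-b and log-e in about 30 ms; the dead log is simply skipped and the slow one is cancelled. Asking for four within 100 ms fails, which is the failure mode a CA has to budget for when it decides how many logs to submit to and how many SCTs it needs before it will issue.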