search

grandamp / certificate-transparency

Clone of https://github.com/google/certificate-transparency/
Apache License 2.0
0 stars 0 forks source link

Trillian? #3

Open rmhrisk opened 7 years ago

rmhrisk commented 7 years ago

@grandamp we are making good progress with the Trillian based logs, if your getting started now I would go there instead of starting on this version : https://github.com/google/trillian

grandamp commented 7 years ago

Thanks for the feedback @rmhrisk!

I have been paying attention to Trillian, especially PKCS#11 signer support (#611).

While key generation and signing can be offloaded to a FIPS validated HSM via PKCS#11, I'm also trying to figure out how the digesting operations can be handled by a FIPS validated implementation (assuming that it still occurs in software). I'm not certain if this will present a challenge to a Federal Agency attempting to host a log, as they are required to adhere to all FIPS.

Otherwise, I was not certain how much Trillian is used in operational logs today given the following in the README.md:

WARNING: The Trillian codebase is still under development, and is not yet suitable for production use. Everything here is subject to change without notice – including APIs, database schemas, and code layout.

rmhrisk commented 7 years ago

@grandamp I don't think there will be a problem building Trillian with Boring in FIPS mode.

As for the operational readiness of Trillian, I expect in the next couple months that to go away as Google and others launch logs based on it.

grandamp commented 7 years ago

@rmhrisk Thanks! Although, I was not aware that Boring was FIPS validated (yet - pending review: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf), with the exception of Samsung's implementation (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2746.pdf). Samsung's implementation appears to only run on Android.

Is there a draft security policy (or other documentation) available so that I can dig into this ASAP?

rmhrisk commented 7 years ago

Yes, it is not validated yet but will be soon (I hope).

As for the security policy for Boring, I can ask if there is a public copy, I imagine there is since it was submitted for evaluation/review already.

Anyway, if your going to spend time on this I really think Trillian is the way to go.

grandamp commented 7 years ago

Ironic, as I was talking with @sleevi and @pzb about BoringCrypto on Monday ;)

Thanks again, and I'm taking a look at the code now!

rmhrisk commented 7 years ago

All crypto should be boring ;)