letsencrypt / ct-woodpecker

A tool to monitor a certificate transparency log for operational problems
Mozilla Public License 2.0

Invalid/non-linear STHs are ignored as long as they have a smaller tree size than current #65

Open rolandshoemaker opened 6 years ago

rolandshoemaker commented 6 years ago

This was introduced to allow us to keep operating when a log serves cached STHs that are smaller than the one we most recently saw (i.e. when they are serving stale STHs from M of N frontend nodes). This prevents us from catching a number of broken log cases.

Instead we should store a list of all STHs we've previously observed and verify the returned STHs against this list (using the existing storage layer to manage the list). This will allow us to spot bad STHs.

cpu commented 6 years ago

> This prevents us from catching a number of broken log cases.

Can you expand on what cases we'd miss? I'm not clear what the bad STHs we'd spot are. A new previously unseen STH for a smaller treesize vs an existing STH for the smaller treesize that we've already seen?

cpu commented 5 years ago

@rolandshoemaker bump on :point_up: ? It would be helpful to have the broken log cases you think this would be helpful with made more explicit (can ct-test-srv as implemented in this repo simulate them for example?)
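An added sketch (not ct-woodpecker's code) of the check proposed in the issue, covering the two cases cpu distinguishes: each fetched STH is compared against every previously observed STH by tree size. The `History` type, the verdict names and the in-memory map standing in for the storage layer are assumptions, and the sample STHs are constructed.

```go
package main

import (
	"bytes"
	"fmt"
)

// STH carries the RFC 6962 tree head fields used here (signature omitted).
type STH struct {
	TreeSize, Timestamp uint64
	RootHash            []byte
}

type Verdict string

const (
	Advance   Verdict = "advance"    // larger than any size seen; still needs a consistency proof
	Known     Verdict = "known"      // same size and root as an observed STH, e.g. a stale cached head
	UnseenOld Verdict = "unseen-old" // smaller size never observed; needs a consistency proof
	Conflict  Verdict = "conflict"   // same size, different root: not possible for an append-only log
)

// History is a hypothetical in-memory stand-in for the storage layer.
type History struct {
	roots  map[uint64][]byte // tree size -> first root hash observed
	latest uint64
}

func NewHistory() *History { return &History{roots: map[uint64][]byte{}} }

// Observe classifies sth against all previously observed STHs, then records it.
func (h *History) Observe(sth STH) Verdict {
	if root, ok := h.roots[sth.TreeSize]; ok {
		if bytes.Equal(root, sth.RootHash) {
			return Known // timestamp may differ: logs re-sign the same tree
		}
		return Conflict // the first root stays stored as evidence
	}
	h.roots[sth.TreeSize] = append([]byte(nil), sth.RootHash...)
	// A single stored entry means this is the first STH ever observed.
	if len(h.roots) == 1 || sth.TreeSize > h.latest {
		h.latest = sth.TreeSize
		return Advance
	}
	return UnseenOld
}

func main() {
	h := NewHistory()
	// Constructed sample: 100, 200, a replay of 100, an unseen 150, a conflicting 200.
	for _, s := range []STH{{100, 1, []byte("a")}, {200, 2, []byte("b")},
		{100, 3, []byte("a")}, {150, 4, []byte("c")}, {200, 5, []byte("x")}} {
		fmt.Println(s.TreeSize, h.Observe(s))
	}
}
```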