Adding an extension to STH
31 views
Skip to first unread message
Linus Gasser
Oct 22, 2015, 3:48:08 AM10/22/15
to certificate-transparency
Hello everybody,
we're working on a CoSi-project that signs messages in a collective way, and we would like to extend the CT with our work in the following way:
https://tools.ietf.org/html/draft-ford-trans-witness-00
Could somebody point me to a place in the code where I could do such an extension?
Whenever a STH is created, we would like to send out a message, wait for it to be signed by our cosi-framework (about 30 seconds), then include that signature in the STH.
Thanks in advance,
Linus
Ben Laurie
Oct 22, 2015, 4:48:33 AM10/22/15
to certificate-...@googlegroups.com
6962-bis allows for extensions in the STH. https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-10#section-5.5.1.
--
Thanks in advance,
Linus
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Linus Gasser
Oct 23, 2015, 4:13:40 AM10/23/15
to certificate-transparency
And is there some code available that implements bis-10?
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.
Eran Messeri
Oct 23, 2015, 5:02:02 AM10/23/15
to certificate-...@googlegroups.com
There's some work towards implementing rfc6962-bis, mostly in cpp (https://github.com/google/certificate-transparency/tree/master/cpp).
Note that SCTs in RFC6962 can have extensions - would it make sense for you to implement the collective signature scheme for SCTs?
Eran
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
Linus Gasser
Oct 23, 2015, 10:52:18 AM10/23/15
to certificate-transparency
Yes, I saw that the field exists in the SCTs, but we would prefer having it in the STHs for the moment. I did a very basic, very rough sketch in
in
cpp/log/tree_signer-inl.h
cpp/third_party/cosi
Now I would like to run my own logserver with that extension, even if it is just to check that the signatures are correctly attached. Off to read some manuals (that I don't find...)
Now I would like to run my own logserver with that extension, even if it is just to check that the signatures are correctly attached. Off to read some manuals (that I don't find...)
Le vendredi 23 octobre 2015 11:02:02 UTC+2, Eran Messeri a écrit :
There's some work towards implementing rfc6962-bis, mostly in cpp (https://github.com/google/certificate-transparency/tree/master/cpp).Note that SCTs in RFC6962 can have extensions - would it make sense for you to implement the collective signature scheme for SCTs?Eran
On Fri, Oct 23, 2015 at 9:13 AM, Linus Gasser <ine...@gmail.com> wrote:
And is there some code available that implements bis-10?
Le jeudi 22 octobre 2015 10:48:33 UTC+2, Ben Laurie a écrit :
On Thu, 22 Oct 2015 at 08:48 Linus Gasser <ine...@gmail.com> wrote:Hello everybody,we're working on a CoSi-project that signs messages in a collective way, and we would like to extend the CT with our work in the following way:https://tools.ietf.org/html/draft-ford-trans-witness-00
Could somebody point me to a place in the code where I could do such an extension?
Whenever a STH is created, we would like to send out a message, wait for it to be signed by our cosi-framework (about 30 seconds), then include that signature in the STH.
6962-bis allows for extensions in the STH. https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-10#section-5.5.1.
--
Thanks in advance,
Linus
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages