From 68f6bdf0f88322867b35a6ae35a0c4c3ea641884 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Sat, 3 May 2014 10:54:55 +0200
Subject: Rename to ctls.
---
doc/design.txt | 49 +++++++++++++++++++++++++++++--------------------
src/.erlang | 4 ++--
src/Makefile | 2 +-
src/catlfish | 5 -----
src/catlfish.erl | 12 ------------
src/ctls | 5 +++++
src/ctls.erl | 12 ++++++++++++
7 files changed, 49 insertions(+), 40 deletions(-)
delete mode 100755 src/catlfish
delete mode 100644 src/catlfish.erl
create mode 100755 src/ctls
create mode 100644 src/ctls.erl
diff --git a/doc/design.txt b/doc/design.txt
index ba28fdc..a83ec85 100644
--- a/doc/design.txt
+++ b/doc/design.txt
@@ -1,36 +1,45 @@ -catlfish design (in Emacs -*- org -*- mode) +ctls design (in Emacs -*- org -*- mode) -This document describes the design of catlfish, an implementation of a -Certificate Transparency (RFC6962) log. +This document describes the design of ctls, an implementation of a +Certificate Transparency (RFC6962) log server. We have -- persistent storage of x509 certificate chains -- a db storing the hash tree and replicating r/o copies to n - secondary nodes -- 1 primary node updating the hash tree in the r/w db -- n secondary nodes reading from local r/o db +- "a db" storing + i) x509 certificate chains and + ii) the hash tree, + replicating r/o copies to n secondary nodes +-? 1 primary node updating the db +-? n secondary nodes reading from local r/o db Nodes reply to the https requests specified in RFC 6962. -Nodes can operate in one of two modes -- primary or secondary. +?Nodes can operate in one of two modes -- primary or secondary. [TODO: A secondary node can become primary. When, how?] -Primary nodes +Node roles +- depot +- tree-maker +- tree-signer +- submission-point +- query-replyer + +?Primary nodes - store submitted cert chains in persistent media -- have write access to the database holding the hash tree -- periodically add the stored cert chains to the hash tree and sign the tree - periodically (like ever 10 minutes and at least every hour?) +- have write access to the database holding cert chains and the hash tree +- periodically add cert chains to the hash tree and sign the tree head + (like ever 10 minutes and at least every hour?) + +?Secondary nodes +- have read access to the database [which is pushed or pulled?] -Secondary nodes -- have read access to the ctlog database [which is pushed or pulled?] +The log data db +- is persistently stored on [more than one] disk [files, DETS, mnesia, + some other database?] 
+- grows with 5 GB per year, based on 5,000 3 kB submissions per day +- max size is 300 GB, based on 100e6 certificates The hash tree db -? is persistantly stored on disk -? is implemented as a 'protected, ram_file' DETS table -- [size] - -The log data -- is persistently stored in a file system on disk -- grows with 5 GB per year, based on 5,000 3 kB submissions per day Scaling, performance, estimates - submissions: less than 0.1 qps, based on 5,000 submissions per day diff --git a/src/.erlang b/src/.erlang index 406b099..b0147e0 100644 --- a/src/.erlang +++ b/src/.erlang @@ -1,5 +1,5 @@ -%% Erlang init file for catlfish (in Emacs -*- erlang -*- mode) -%%io:format("Inititaing for catlfish~n"). +%% Erlang init file for ctls (in Emacs -*- erlang -*- mode) +%%io:format("Inititaing for ctls~n"). code:add_pathz("https"). code:add_pathz("merkletree"). code:add_pathz("x509"). diff --git a/src/Makefile b/src/Makefile index 9650e25..62548f6 100644 --- a/src/Makefile +++ b/src/Makefile @@ -1,6 +1,6 @@ ## TODO: Consider using 'rebar' instead of Make. -MODULES = catlfish +MODULES = ctls all: subdirs $(MODULES:%=%.beam) diff --git a/src/catlfish b/src/catlfish deleted file mode 100755 index 72102d5..0000000 --- a/src/catlfish +++ /dev/null @@ -1,5 +0,0 @@ -#! /usr/bin/env escript - -main(_) -> - io:format("Hello catlfish!\n"), - catlfish:start(). diff --git a/src/catlfish.erl b/src/catlfish.erl deleted file mode 100644 index a8c5a86..0000000 --- a/src/catlfish.erl +++ /dev/null @@ -1,12 +0,0 @@ -%% This is a CA transparency log. - -%% In order to find https_server and other required modules, a couple -%% of subdirectories need to be added to the Erlang path -%% (code:add_pathz/1). This can be done through an ~/.erlang file. - --module('catlfish'). --export([start/0]). - -start() -> - io:format("Starting catlfish~n"), - https_server:start(). diff --git a/src/ctls b/src/ctls new file mode 100755 index 0000000..c3169b8 --- /dev/null +++ b/src/ctls 
@@ -0,0 +1,5 @@
+#! /usr/bin/env escript
+
+main(_) ->
+ io:format("Hello ctls!\n"),
+ ctls:start().
diff --git a/src/ctls.erl b/src/ctls.erl
new file mode 100644
index 0000000..9c4c9b4
--- /dev/null
+++ b/src/ctls.erl
@@ -0,0 +1,12 @@
+%% This is a CA transparency log.
+
+%% In order to find https_server and other required modules, a couple
+%% of subdirectories need to be added to the Erlang path
+%% (code:add_pathz/1). This can be done in an ~/.erlang file.
+
+-module('ctls').
+-export([start/0]).
+
+start() ->
+ io:format("Starting ctls~n"),
+ https_server:start().
-- cgit v1.1