# Changes in catlfish 1.0.1-alpha-dev

## Features

- New configuration option 'storage-sign-quorum-size' determines the
  minimum number of storage nodes that must successfully store an
  entry before signing nodes generate an SCT for it. This prevents a
  rogue frontend node from sending out an SCT for an entry that will
  never be merged. An effect of this is that the SCT cache is now
  mandatory and cannot be disabled (closes CATLFISH-28).

- Allow HTTP POST body sizes up to 10MB, when sent in chunks up to 1MB
  in size (closes CATLFISH-98).

## Bug fixes

- Don't store, and deliver in get-entries, root cert twice when
  included in submission (closes CATLFISH-96).

- Don't use nc(1) for talking to control port. It behaves incorrectly
  under some circumstances.

# Changes in catlfish 0.10.0 - 2017-02-11

## Incompatible changes

- Local configuration files need two new options: 'configurl' and
  'logadminkey'. The former is where the log administrator publishes
  the (generated) global config file and the latter can be found in
  that file.

- The previous configuration option 'publicaddresses', used by
  frontend nodes, is now 'ctapiaddresses' (closes CATLFISH-74). This
  actually happened in catlfish 0.9.0.

- The previous configuration option 'addresses' is now
  'frontendaddresses', 'storageaddresses', 'signingaddresses', and
  'mergeaddresses' (closes CATLFISH-74). This actually happened in
  catlfish 0.9.0.

- The previous configuration option 'known_roots', used by primary
  merge nodes, is now 'knownroots', to match what's being used by the
  other node types.

  It should be noted that regeneration of Erlang config files is
  necessary when upgrading to 0.10.0 from a previous version.

  This is indeed recommended for every release, and it is even
  recommended to do it before restarting nodes, in order to take
  advantage of the new config management system.

## Features

- A new database backend, permdb, has been added. This is the
  recommended backend.

- Support for managing log configuration and log keys has been
  added. Most notably, the log API keys have moved into the global
  configuration file and a new logadmin key is used by the log owner
  to sign that file. Node operators should regularly download the
  global config, verify it and use it together with local config to
  generate the Erlang config files used by the system (closes
  CATLFISH-77).

- Many configuration options can now be reloaded without restarting
  a node (closes CATLFISH-32).

## Improvements

- Most of the merge process has been parallelised. It's now possible
  to add both new frontend nodes and new secondary merge nodes to a
  running log without risking long delays in publishing of new STHs
  (closes CATLFISH-88).

- Tooling both for initiating a log instance and for promoting a
  secondary merge node to primary in an existing log instance has been
  added.

- The tests now do a better job of testing the merge failover case.

# Changes in catlfish 0.9.0 - 2016-12-04

## Features

- Configuration for selecting database backend added.
- Tool for parsing benchmarking output and generating HTML added.

## Improvements

- A new algorithm for merge backup and merge dist has been implemented.
- Merge-backup is now sending in chunks, improving performance.
- Backup quorum is now configurable.
- Configuration format now supports combined frontend and storage
  nodes.
- Support for Erlang R17 and R18 added.
- Large tests added.

# Changes in version 0.8.0 - 2015-09-21

## Incompatible changes

- The file format for persistent storage of log entries has
  changed. catlfish-0.8.0 is unable to read a database created by any
  previous version. Previous versions are unable to read a database
  created by 0.8.0.

## Features

- Library call for verification of entries added, used by plop.
- New config parameter 'mmd' (maximum merge delay in seconds)
  added. Used to determine if an STH is fresh. Default, if not
  configured, is 86400, which equals 24 hours (closes CATLFISH-51).
- New config group 'ratelimits' added (closes CATLFISH-52).
- Verification of leaf data when read from disk (closes CATLFISH-50).
- A new program, tools/storagegc.py, updates the lastverifiednewentry
  file for storage nodes to use in fetchnewentries (closes
  CATLFISH-54).
- The test suite now verifies correct precert handling too.

## Bug fixes

- A bug with merging root certs, i.e. certs lacking ExtraData, has
  been fixed (closes CATLFISH-45).
- Merge now fsyncs the logorder file (closes CATLFISH-46).
- A chain returned from the log (get-entries) now always contains a
  known root cert (closes CATLFISH-55).
- Extra data for precerts returned from the log is now conformant with
  RFC6962 (closes CATLFISH-56).

## Code cleanup

- Dialyzer clean.

# Changes in version 0.7.0 - 2015-04-25

## Features

- Support for secondary merge nodes added.
- HSM support verified to work with SoftHSMv2 and one real HSM.

# Changes in version 0.6.0 - 2015-04-13

## Features

- Pre-cert handling and get-entry-and-proof implemented. Now fully
  RFC6962 protocol compliant.
- Submitted X.509 certificates and their chains are now validated.
- Application split into frontend, storage, signing and merge nodes.
  Docker packaging added for running them.
- Tools for merging, submitting certs and verifying SCTs added. This
  is a separate code base from catlfish and plop.
- A config compiler was added, making it possible to generate Erlang
  syntax configuration for a complex system from simpler YAML files.
- SCT caching added, not enabled by default.

## Internal bigger changes

- Add Erlang release management and a more controlled start process.
- Use mochiweb for serving HTTP (replacing inets) and JSON encoding
  and decoding (replacing jiffy).
- Add system and unit tests.
- catlfish/plop interface clean up.
- Use lager for logging and hackney for HTTP client.

# Changes in version 0.1.1 - 2014-09-20

catlfish version 0.1.1 fixes a major bug in add-chain decoding and
implements get-entry-and-proof.

# catlfish version 0.1.0 "PoC" - 2014-09-15

catlfish version 0.1.0 is the proof of concept release.

## Known bugs and shortcomings

- Knows nothing about X.509. Accepts any data. v1/get-roots always
  returns the empty list.
- v1/add-pre-chain is not implemented.
- v1/get-entry-and-proof is not implemented.
- HTTP status codes are 200 for errors. They should be 400.