-rw-r--r--doc/design.txt49
-rw-r--r--src/.erlang4
-rw-r--r--src/Makefile2
-rwxr-xr-xsrc/catlfish5
-rwxr-xr-xsrc/ctls5
-rw-r--r--src/ctls.erl (renamed from src/catlfish.erl)6
6 files changed, 40 insertions, 31 deletions
diff --git a/doc/design.txt b/doc/design.txt
index ba28fdc..a83ec85 100644
--- a/doc/design.txt
+++ b/doc/design.txt
@@ -1,36 +1,45 @@
-catlfish design (in Emacs -*- org -*- mode)
+ctls design (in Emacs -*- org -*- mode)
-This document describes the design of catlfish, an implementation of a
-Certificate Transparency (RFC6962) log.
+This document describes the design of ctls, an implementation of a
+Certificate Transparency (RFC6962) log server.
We have
-- persistent storage of x509 certificate chains
-- a db storing the hash tree and replicating r/o copies to n
- secondary nodes
-- 1 primary node updating the hash tree in the r/w db
-- n secondary nodes reading from local r/o db
+- "a db" storing
+ i) x509 certificate chains and
+ ii) the hash tree,
+ replicating r/o copies to n secondary nodes
+-? 1 primary node updating the db
+-? n secondary nodes reading from local r/o db
Nodes reply to the https requests specified in RFC 6962.
-Nodes can operate in one of two modes -- primary or secondary.
+?Nodes can operate in one of two modes -- primary or secondary.
[TODO: A secondary node can become primary. When, how?]
-Primary nodes
+Node roles
+- depot
+- tree-maker
+- tree-signer
+- submission-point
+- query-replyer
+
+?Primary nodes
- store submitted cert chains in persistent media
-- have write access to the database holding the hash tree
-- periodically add the stored cert chains to the hash tree and sign the tree
- periodically (like ever 10 minutes and at least every hour?)
+- have write access to the database holding cert chains and the hash tree
+- periodically add cert chains to the hash tree and sign the tree head
+ (like ever 10 minutes and at least every hour?)
+
+?Secondary nodes
+- have read access to the database [which is pushed or pulled?]
-Secondary nodes
-- have read access to the ctlog database [which is pushed or pulled?]
+The log data db
+- is persistently stored on [more than one] disk [files, DETS, mnesia,
+ some other database?]
+- grows with 5 GB per year, based on 5,000 3 kB submissions per day
+- max size is 300 GB, based on 100e6 certificates
The hash tree db
-? is persistantly stored on disk
-? is implemented as a 'protected, ram_file' DETS table
-- [size]
-
-The log data
-- is persistently stored in a file system on disk
-- grows with 5 GB per year, based on 5,000 3 kB submissions per day
Scaling, performance, estimates
- submissions: less than 0.1 qps, based on 5,000 submissions per day
diff --git a/src/.erlang b/src/.erlang
index 406b099..b0147e0 100644
--- a/src/.erlang
+++ b/src/.erlang
@@ -1,5 +1,5 @@
-%% Erlang init file for catlfish (in Emacs -*- erlang -*- mode)
-%%io:format("Inititaing for catlfish~n").
+%% Erlang init file for ctls (in Emacs -*- erlang -*- mode)
+%%io:format("Inititaing for ctls~n").
code:add_pathz("https").
code:add_pathz("merkletree").
code:add_pathz("x509").
diff --git a/src/Makefile b/src/Makefile
index 9650e25..62548f6 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,6 +1,6 @@
## TODO: Consider using 'rebar' instead of Make.
-MODULES = catlfish
+MODULES = ctls
all: subdirs $(MODULES:%=%.beam)
diff --git a/src/catlfish b/src/catlfish
deleted file mode 100755
index 72102d5..0000000
--- a/src/catlfish
+++ /dev/null
@@ -1,5 +0,0 @@
-#! /usr/bin/env escript
-
-main(_) ->
- io:format("Hello catlfish!\n"),
- catlfish:start().
diff --git a/src/ctls b/src/ctls
new file mode 100755
index 0000000..c3169b8
--- /dev/null
+++ b/src/ctls
@@ -0,0 +1,5 @@
+#! /usr/bin/env escript
+
+main(_) ->
+ io:format("Hello ctls!\n"),
+ ctls:start().
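Review bot: The new escript's `main/1` calls `ctls:start()` without setting up any code path, so `ctls.beam` and the `https`, `merkletree` and `x509` directories are only found if they resolve from the directory the script is launched in. Depending on the OTP release, escript may start the runtime without reading `.erlang` at all, in which case the `code:add_pathz/1` calls in `src/.erlang` would never run for this entry point; this is worth confirming. Resolving the directories from the script's own location, e.g. `code:add_pathz(filename:join(filename:dirname(escript:script_name()), "https"))`, would make startup independent of the current working directory. It would also stop modules being loaded from wherever the caller happens to be, which matters for a server that will sign tree heads.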
diff --git a/src/catlfish.erl b/src/ctls.erl
index a8c5a86..9c4c9b4 100644
--- a/src/catlfish.erl
+++ b/src/ctls.erl
@@ -2,11 +2,11 @@
%% In order to find https_server and other required modules, a couple
%% of subdirectories need to be added to the Erlang path
-%% (code:add_pathz/1). This can be done through an ~/.erlang file.
+%% (code:add_pathz/1). This can be done in an ~/.erlang file.
--module('catlfish').
+-module('ctls').
-export([start/0]).
start() ->
- io:format("Starting catlfish~n"),
+ io:format("Starting ctls~n"),
https_server:start().