summaryrefslogtreecommitdiff
path: root/doc/design.txt
blob: c4b5f2ac61ea052062707f0e9ad8826f9d2d9398 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
catlfish design (in Emacs -*- org -*- mode)

This document describes the design of catlfish, an implementation of a
Certificate Transparency (RFC6962) log.

We have
- a db storing the log (persistently) and replicating r/o copies to n
  secondary nodes
- 1 primary node writing the hash tree to the r/w db
- n secondary nodes reading from local r/o db

Nodes reply to the https requests specified in RFC 6962.
Nodes can operate in one of two modes -- primary or secondary.
[TODO: A secondary node can become primary. When, how?]

Primary nodes
- have write access to the ctlog database (Mnesia?) holding the hash
  tree
- store submitted cert chains on disk (DETS?)
- add the stored cert chains to the hash tree and sign the tree
  periodically (at least every 30-60 minutes or so)

Secondary nodes
- have read access to the ctlog database

Open questions
- What's a good MMD? Google seem to use an MMD of well over 1h at the
  moment (early 2014).