Made gatekeeping of new checkpoints more permissive #233

Merged
merged 1 commit into from
Oct 16, 2024


mhutchinson

This change has two main aspects, but they are related. The first is that we now overwrite a checkpoint from a witness even if we have previously seen one of the same size. This allows infrequently updated checkpoints to have fresh witness signature timestamps. The other change is to only check the witness note signature, and not the cosignatureV1. This is a temporary change to allow signatures from the fixed implementation of this signer (transparency-dev/formats#153) to propagate into the distributor storage.

@codecov-commenter

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Please upload report for BASE (main@683b0e9). Learn more about missing BASE report.

Files with missing lines Patch % Lines
config/config.go 0.00% 1 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main     #233   +/-   ##
=======================================
  Coverage        ?   30.91%           
=======================================
  Files           ?        8           
  Lines           ?      524           
  Branches        ?        0           
=======================================
  Hits            ?      162           
  Misses          ?      333           
  Partials        ?       29           


@mhutchinson mhutchinson merged commit cbbca8e into transparency-dev:main Oct 16, 2024
6 checks passed
@mhutchinson mhutchinson deleted the gatekeeperDowngrade branch October 16, 2024 10:56
mhutchinson added a commit to mhutchinson/distributor that referenced this pull request Oct 21, 2024
This will reinstate timestamps in the witness signatures. This was dropped in transparency-dev#233 as a temporary measure to facilitate a transition between timestamp endianness. Any sigs that aren't verified are dropped, and thus the currently deployed distributors will drop the cosignature signatures.

If we want to support keeping both witness signatures around, we'll have to do some more engineering to have multiple verifiers per witness. We would also need to look at the merging code to ensure we only merge similar signatures. It seems easier to just drop the non-timestamped sigs on entry.
mhutchinson added a commit to mhutchinson/distributor that referenced this pull request Oct 23, 2024
mhutchinson added a commit that referenced this pull request Oct 23, 2024
This will reinstate timestamps in the witness signatures. This was dropped in #233 as a temporary measure to facilitate a transition between timestamp endianness. Any sigs that aren't verified are dropped, and thus the currently deployed distributors will drop the cosignature signatures.

If we want to support keeping both witness signatures around, we'll have to do some more engineering to have multiple verifiers per witness. We would also need to look at the merging code to ensure we only merge similar signatures. It seems easier to just drop the non-timestamped sigs on entry.
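
The gatekeeping rule from the pull request description and the timestamp byte-order issue from the follow-up commits, as an added Go example that is not the distributor's own code. `Checkpoint`, `Admit`, `SigTime` and `MkSig` are hypothetical names, the sample values are constructed, and the signature layout (an 8-byte timestamp followed by a 64-byte Ed25519 signature) is an assumption.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Checkpoint is a hypothetical, already signature-verified witness checkpoint.
type Checkpoint struct {
	Size uint64 // tree size from the checkpoint body
	Sig  []byte // assumed layout: 8-byte timestamp || 64-byte Ed25519 signature
}

var BE, LE binary.ByteOrder = binary.BigEndian, binary.LittleEndian // timestamp byte orders
var ErrRejected = fmt.Errorf("incoming checkpoint rejected by gatekeeper")

// SigTime decodes the timestamp prefix of sig in byte order o.
func SigTime(sig []byte, o binary.ByteOrder) (uint64, error) {
	if len(sig) != 72 {
		return 0, fmt.Errorf("want 72 signature bytes, got %d", len(sig))
	}
	return o.Uint64(sig[:8]), nil
}

// MkSig builds a constructed 72-byte signature; the Ed25519 part is zeroed.
func MkSig(ts uint64, o binary.ByteOrder) []byte {
	sig := make([]byte, 72)
	o.PutUint64(sig[:8], ts)
	return sig
}

// Admit returns the checkpoint to keep. A smaller tree is always rejected;
// strict also rejects an equal-size one, permissive (strict=false) overwrites.
func Admit(stored *Checkpoint, in Checkpoint, strict bool) (Checkpoint, error) {
	if stored == nil {
		return in, nil
	}
	if in.Size < stored.Size || (strict && in.Size == stored.Size) {
		return *stored, ErrRejected
	}
	return in, nil
}

func main() {
	old := Checkpoint{100, MkSig(1728000000, BE)} // constructed sample values
	kept, err := Admit(&old, Checkpoint{100, MkSig(1729072560, BE)}, false)
	ts, _ := SigTime(kept.Sig, BE)
	wrong, _ := SigTime(MkSig(1729072560, LE), BE) // writer and reader disagree
	fmt.Println("same size admitted:", err == nil, ts, "| mixed endianness:", wrong)
}
```

With `strict` set to true the same-size checkpoint is rejected and the stored signature keeps its older timestamp.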