-rw-r--r--  issues/add-integration-test.md          15
-rw-r--r--  issues/add-multi-instance-support.md    17
-rw-r--r--  issues/add-option-to-read-key-from-file  2
-rw-r--r--  issues/add-rate-limit-support.md        16
-rw-r--r--  issues/add-read-only-mode.md            16
-rw-r--r--  issues/fix-http-status-405.md           24
-rw-r--r--  issues/implement-decided-proposals.md   29
-rw-r--r--  issues/improve-error-messages.md        16
-rw-r--r--  issues/improve-server-configuration.md  17
-rw-r--r--  issues/investigate-ed25519-clamping.md  20
-rw-r--r--  issues/other.md                          9
-rw-r--r--  issues/upgrade-trillian-version.md       9
12 files changed, 0 insertions, 190 deletions
diff --git a/issues/add-integration-test.md b/issues/add-integration-test.md
deleted file mode 100644
index 2266be5..0000000
--- a/issues/add-integration-test.md
+++ /dev/null
@@ -1,15 +0,0 @@
-**Title:** Add integration test </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Add integration test that runs sigsum-log-go hooked-up to Trillian.
-
-# Description
-Today we don't have any integration tests. Before a new version is tagged, it
-is tested by (i) running unit tests, and (ii) running manual tests against a
-local setup of Trillian and sigsum-log-go. Automating (ii) would be helpful
-for development and increased confidence that everything works as expected.
-
-Started in branch:
-
- rgdd/integration
diff --git a/issues/add-multi-instance-support.md b/issues/add-multi-instance-support.md
deleted file mode 100644
index ce32755..0000000
--- a/issues/add-multi-instance-support.md
+++ /dev/null
@@ -1,17 +0,0 @@
-**Title:** Add multi-instance support </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Add support for multiple active sigsum-log-go instances for the same log.
-
-# Description
-A sigsum log accepts add-cosignature requests to make the final cosigned tree
-head available. Right now a single active sigsum-log-go instance is assumed per
-log, so that there is no need to coordinate cosigned tree heads among instances.
-
-Some log operators will likely want to run multiple instances of both the
-Trillian components and sigsum-log-go, backed by a managed data base setup.
-Trillian supports this, but sigsum-log-go does not due to lack of coordination.
-
-This issue requires both design considerations and an implementation of the
-`StateManager` interface to support multi-instance setups of sigsum-log-go.
diff --git a/issues/add-option-to-read-key-from-file b/issues/add-option-to-read-key-from-file
deleted file mode 100644
index 0d54760..0000000
--- a/issues/add-option-to-read-key-from-file
+++ /dev/null
@@ -1,2 +0,0 @@
-Secret key is currently passed on command line. The immediate next step is to
-have it in a file (just change how the secret key option works in main.go).
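Review bot: the two removed lines are the only record in this tree that the secret key is still passed on the command line, and the commit has 0 insertions, so nothing takes their place. Before dropping the file, confirm that main.go already reads the key from a file, or carry the item over to wherever issues are tracked now and name that location in the commit message.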
diff --git a/issues/add-rate-limit-support.md b/issues/add-rate-limit-support.md
deleted file mode 100644
index 167199d..0000000
--- a/issues/add-rate-limit-support.md
+++ /dev/null
@@ -1,16 +0,0 @@
-**Title:** Add rate limit support </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Add support for rate-limiting add-leaf requests via second-level domain name.
-
-# Description
-A sigsum log requires a submitter to prove that a domain name is aware of their
-public verification key. Rate limits can then be applied per second-level
-domain name. Trillian has built-in rate-limiting using a so-called quota
-manager; gRPC calls include an arbitrary `charge_to` string that is used as an
-identifier with regards to who should be charged for the request.
-
-First investigate whether Trillian's built-in rate limiting can be used and with
-which assumptions. For example, is `etcd` a required process? Then implement
-and document how an operator can configure sigsum-log-go with rate limits.
diff --git a/issues/add-read-only-mode.md b/issues/add-read-only-mode.md
deleted file mode 100644
index 24336f9..0000000
--- a/issues/add-read-only-mode.md
+++ /dev/null
@@ -1,16 +0,0 @@
-**Title:** Add read-only mode </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-A read-only mode is needed to facilitate maintenance and shutdowns of production
-logs. For example, after an operator has decided to cease their operations the
-log in question should be kept around for some time to allow final monitoring.
-
-# Description
-This issue requires design considerations. For inspiration, you may refer to
- [CTFE](https://github.com/google/certificate-transparency-go/tree/master/trillian/ctfe).
-
-At minimum it should be possible to (i) disable all write endpoints, and (ii)
-serve a cosigned tree head for all add-leaf requests that were already merged.
-
-It would be good to consider if we need a mirror-mode before getting started.
diff --git a/issues/fix-http-status-405.md b/issues/fix-http-status-405.md
deleted file mode 100644
index 7a06288..0000000
--- a/issues/fix-http-status-405.md
+++ /dev/null
@@ -1,24 +0,0 @@
-**Title:** Fix HTTP status 405 </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Stop returning HTTP Status 405 or ensure that RFC 2616 is followed.
-
-# Description
-When using HTTP GET for a POST endpoint or vice versa, HTTP status code 405 is
-currently returned by sigsum-log-go. According to RFC 2616, an Allow header MUST
-be included in the response. This issue requires figuring out what
-sigsum-log-go should do: not return HTTP Status 405 or adhere to RFC 2616?
-
-Extract from RFC 2616:
-```
-10.4.6 405 Method Not Allowed
-
-The method specified in the Request-Line is not allowed for the resource
-identified by the Request-URI. The response MUST include an Allow header
-containing a list of valid methods for the requested resource.
-```
-
-To find the relevant parts in the sigsum-log-go code, see the output of
-
- git grep StatusMethodNotAllowed
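Review bot: the removed description leaves the choice open (stop returning 405, or include the Allow header that the quoted RFC 2616 text requires), and the deletion does not say which way it was decided. State the decision in the commit message so that the `git grep StatusMethodNotAllowed` call sites can be checked against it.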
diff --git a/issues/implement-decided-proposals.md b/issues/implement-decided-proposals.md
deleted file mode 100644
index 5b04890..0000000
--- a/issues/implement-decided-proposals.md
+++ /dev/null
@@ -1,29 +0,0 @@
-**Title:** Implement decided proposals </br>
-**Date:** 2022-01-16 </br>
-
-# Summary
-Implement decided proposals according to the latest Sigsum v0 API.
-
-# Description
-Several proposals were decided to feature freeze the Sigsum v0 API. These
-proposals were documented in:
-
- sigsum/archive/2022-01-04-proposal*
- sigsum/doc/2021-11*
-
-There is a draft on bringing the above into main documentation in
-
- rgdd/proposals
-
-Current status on implementing the above:
-
-* [x] open-ended shard interval
-* [x] ssh signing format
- * implement in sigsum-lib-go by updating `ToBinary()`
- * then pick up the new sigsum-lib-go version in sigsum-log-go
-* [x] remove arbitrary bytes
-* [ ] get-\* endpoints
-* [ ] domain hint
- - sigsum-log-go should drop-in replace sigsum-lib-go/pkg/dns
-* [ ] add-leaf
-* [x] tree-head endpoints
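Review bot: the checklist at the end of this removed file still has three unchecked items (get-\* endpoints, domain hint, add-leaf), so the status of the v0 API feature-freeze work is deleted while it is unfinished. Move the open items to their new home first and reference it in the commit message, together with the `rgdd/proposals` draft that only this file points to.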
diff --git a/issues/improve-error-messages.md b/issues/improve-error-messages.md
deleted file mode 100644
index 773d2d7..0000000
--- a/issues/improve-error-messages.md
+++ /dev/null
@@ -1,16 +0,0 @@
-**Title:** Improve error messages </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Error messages that are returned by the log need to be looked-over.
-
-# Description
-Some error messages are too verbose and may even span multiple lines. Error
-messages that span multiple lines violate the Sigsum API specification. This
-issue requires seeing over what error messages are currently returned, then
-ensuring that what becomes externally visible is appropriate.
-
-Examples of appropriate error messages:
-- `Error=unknown witness with key hash $hash`
-- `Error=invalid tree head signature for tree head with timestamp $t`
-- `Error=rate limit exceeded for $domain_hint`
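Review bot: the removed description says that multi-line error messages violate the Sigsum API specification, which makes this a conformance defect and not only a cleanup task. If the review of externally visible errors has not been done yet, keep the three `Error=...` examples somewhere reachable, since they are the only stated reference for what an appropriate message looks like.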
diff --git a/issues/improve-server-configuration.md b/issues/improve-server-configuration.md
deleted file mode 100644
index 7e9de71..0000000
--- a/issues/improve-server-configuration.md
+++ /dev/null
@@ -1,17 +0,0 @@
-**Title:** Improve server configuration and documentation </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Make server configuration more robust and dynamically updatable without restart.
-
-# Description
-All server configurations are currently done via command-line arguments. This
-may be OK for settings that last through a log's entire lifetime. However, it
-is inappropriate for parameters like `--witnesses` which are not static.
-
-Reading a configuration file at start and when receiving, say, SIGHUP, is an
-alternative. Implementing a "control port", typically via a TCP endpoint, where
-an administrator can "program" the log instance is another alternative.
-
-This issue requires some design considerations before getting started. It would
-be good to improve documentation on how to run sigsum-log-go at the same time.
diff --git a/issues/investigate-ed25519-clamping.md b/issues/investigate-ed25519-clamping.md
deleted file mode 100644
index 46aaa39..0000000
--- a/issues/investigate-ed25519-clamping.md
+++ /dev/null
@@ -1,20 +0,0 @@
-**Title:** Investigate Ed25519 clamping behavior</br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Ed25519 signatures have three bits that should be zero due to clamping. What
-happens when verifying a signature that has these three bits set to something
-else? Sigsum requires that such a signature is rejected.
-
-# Description
-First confirm that Ed25519 signatures are clamped as described in the summary,
-then investigate how `Verify()` is implemented in `"crypto/ed25519"`. The
-assumed sigsum-log-go behavior is that `Verify()` is strict. In other words, a
-signature that is not clamped correctly should be rejected and not "fixed".
-
-If a signature is "fixed" it would be possible to replay add-leaf requests. A
-replay is bad for the log due to overhead. A replay is also bad for the
-legitimate submitter because it eats into their rate limit (DoS vector).
-
-The following part of Go's implementation might be a good place to start:
-- https://cs.opensource.google/go/go/+/refs/tags/go1.16.4:src/crypto/ed25519/ed25519.go;l=208
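Review bot: the removed description calls strict `Verify()` the "assumed" behavior and opens with "First confirm", so the question reads as unanswered at the time of deletion. Because the text ties a non-strict verifier to add-leaf replay and to consuming a submitter's rate limit, record the outcome of the investigation (or a pointer to where it continues) before removing the file; a unit test that feeds `Verify()` a signature with those bits set would keep the answer in the tree.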
diff --git a/issues/other.md b/issues/other.md
deleted file mode 100644
index de7df3b..0000000
--- a/issues/other.md
+++ /dev/null
@@ -1,9 +0,0 @@
-**Title**: Other </br>
-**Date**: 2021-12-09 </br>
-
-# Summary
-A list of TODOs that lacks a better home for now.
-
-# Description
-- Monitoring: requires both design and implementation in a separate repo. There
-are no particular requirements regarding which programming language to use.
diff --git a/issues/upgrade-trillian-version.md b/issues/upgrade-trillian-version.md
deleted file mode 100644
index bcf59b9..0000000
--- a/issues/upgrade-trillian-version.md
+++ /dev/null
@@ -1,9 +0,0 @@
-**Title:** Upgrade Trillian version </br>
-**Date:** 2021-12-09 </br>
-
-# Summary
-Upgrade Trillian version to v1.4.0.
-
-# Description
-Trillian v1.4.0 was released in September. Some structures changed format and
-so will require a little bit of adapting in pkg/trillian, see compile errors.