From bf2fe5fec86d91d10d8ac1cb93de9c428f7add56 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Wed, 20 Jul 2022 14:27:10 +0200 Subject: add permit lack of witness cosignatures proposal --- doc/proposals/2022-07-permit-lack-of-witness-cosignatures | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 doc/proposals/2022-07-permit-lack-of-witness-cosignatures (limited to 'doc') diff --git a/doc/proposals/2022-07-permit-lack-of-witness-cosignatures b/doc/proposals/2022-07-permit-lack-of-witness-cosignatures new file mode 100644 index 0000000..c0ac549 --- /dev/null +++ b/doc/proposals/2022-07-permit-lack-of-witness-cosignatures @@ -0,0 +1,13 @@ +# Proposal + +In api.md, §3.2: + + - Permit that "key_hash" and "cosignature" are omitted by the log when there + are no witness cosignatures to set in the response. + +# Motivation + +It should be possible to return success on the get-tree-head-cosigned endpoint +even if no witness provided a co-signature for the current to-cosign tree head. + +This change makes it possible to return 200 OK without witnesses. -- cgit v1.2.3 From 9939d41f37ff2b1b246eb62c7c54393f1be3e18e Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Wed, 20 Jul 2022 15:00:10 +0200 Subject: add replace domain hint with rate limit proposal --- .../2022-07-replace-domain-hint-with-rate-limit | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 doc/proposals/2022-07-replace-domain-hint-with-rate-limit (limited to 'doc') diff --git a/doc/proposals/2022-07-replace-domain-hint-with-rate-limit b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit new file mode 100644 index 0000000..c1570c9 --- /dev/null +++ b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit @@ -0,0 +1,33 @@ +# Proposal + +Replace the "domain_hint" key in the input to the add-leaf endpoint with +"rate-limit". The value associated with the "rate-limit" key is on the format: + + method:data + +where the defined methods are: + + - dns: the exact same semantics as today's domain hint + - token: a shared secret that is negotiated between submitter and the log + operator out-of-band + +Example of a rate-limit line using DNS: + + rate_limit=dns:_sigsum_v0.example.org + +Example of a rate-limit line using token: + + rate_limit=token:xxxxxxxxxxxxxxxxxxxxxx + +The "rate_limt" key must not be repeated. + +The "rate_limit" key may be omitted. It is then up to the log server to accept +or reject the user's requests. + +# Motivation + +There are more ways to establish something to rate-limit on than domain hints. +The name "domain_hint" is also not descrptive; it makes understanding harder. + +It is also plausible that a log operator wants to run without a rate limit in +some environments. The above change permits this as well. -- cgit v1.2.3 From df0eb7de5e7b8fdf3760a6a18609a6e016957602 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 21 Jul 2022 14:48:35 +0200 Subject: add proposal to drop "sigsum/v0" criteria --- doc/proposals/2022-07-endpoint-url | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 doc/proposals/2022-07-endpoint-url (limited to 'doc') diff --git a/doc/proposals/2022-07-endpoint-url b/doc/proposals/2022-07-endpoint-url new file mode 100644 index 0000000..024c3b8 --- /dev/null +++ b/doc/proposals/2022-07-endpoint-url @@ -0,0 +1,12 @@ +# Proposal + +Drop the criteria that the constant "sigsum/v0" must be after a log's URL and +before a named endpoint. This does not change the definition of a log URL, but +does mean "" is appended to it rather than "sigsum/v0/". + +# Motivation + + - Protocol and version does not change for an active log and it should already + be communicated to clients via policy. + - A log operator that wants to specify protocol and/or version as part of + their URL can still do so, either in their domain name or the optional path. -- cgit v1.2.3 From 54a6e87334dfb93f01820e65ab08233cb932eb4d Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 21 Jul 2022 15:04:45 +0200 Subject: add renaming proposal --- doc/proposals/2022-07-api-renaming.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 doc/proposals/2022-07-api-renaming.md (limited to 'doc') diff --git a/doc/proposals/2022-07-api-renaming.md b/doc/proposals/2022-07-api-renaming.md new file mode 100644 index 0000000..dafa98c --- /dev/null +++ b/doc/proposals/2022-07-api-renaming.md @@ -0,0 +1,23 @@ +# Proposal + +Rename the following endpoints: + + - s/get-tree-head-to-cosign/get-untrusted-tree-head/ + - s/get-tree-head-cosigned/get-tree-head/ + - s/get-leaves/get-entries/ + - s/add-leaf/add-entry/ + +Rename the following ASCII keys: + + - s/start_size/start_index/ + - s/end_size/end_index/ + +(Reminder: specify zero-based index.) + +# Motivation + +Improve readability of api.md, especially for those that skim it quickly. For +example, "untrusted-tree-head" is a very strong signal for what you don't want, +and it should be easier to relate to the term "entry" rather than a "leaf". + +The renamed ASCII keys better reflect the text that describes them. -- cgit v1.2.3 From b3ca97dbd0b725b3fd0d5616d0d94984631d33a2 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 21 Jul 2022 15:05:59 +0200 Subject: add .md suffix --- doc/proposals/2022-07-endpoint-url | 12 -------- doc/proposals/2022-07-endpoint-url.md | 12 ++++++++ .../2022-07-permit-lack-of-witness-cosignatures | 13 --------- .../2022-07-permit-lack-of-witness-cosignatures.md | 13 +++++++++ .../2022-07-replace-domain-hint-with-rate-limit | 33 ---------------------- .../2022-07-replace-domain-hint-with-rate-limit.md | 33 ++++++++++++++++++++++ 6 files changed, 58 insertions(+), 58 deletions(-) delete mode 100644 doc/proposals/2022-07-endpoint-url create mode 100644 doc/proposals/2022-07-endpoint-url.md delete mode 100644 doc/proposals/2022-07-permit-lack-of-witness-cosignatures create mode 100644 doc/proposals/2022-07-permit-lack-of-witness-cosignatures.md delete mode 100644 doc/proposals/2022-07-replace-domain-hint-with-rate-limit create mode 100644 doc/proposals/2022-07-replace-domain-hint-with-rate-limit.md (limited to 'doc') diff --git a/doc/proposals/2022-07-endpoint-url b/doc/proposals/2022-07-endpoint-url deleted file mode 100644 index 024c3b8..0000000 --- a/doc/proposals/2022-07-endpoint-url +++ /dev/null @@ -1,12 +0,0 @@ -# Proposal - -Drop the criteria that the constant "sigsum/v0" must be after a log's URL and -before a named endpoint. This does not change the definition of a log URL, but -does mean "" is appended to it rather than "sigsum/v0/". - -# Motivation - - - Protocol and version does not change for an active log and it should already - be communicated to clients via policy. - - A log operator that wants to specify protocol and/or version as part of - their URL can still do so, either in their domain name or the optional path. diff --git a/doc/proposals/2022-07-endpoint-url.md b/doc/proposals/2022-07-endpoint-url.md new file mode 100644 index 0000000..024c3b8 --- /dev/null +++ b/doc/proposals/2022-07-endpoint-url.md @@ -0,0 +1,12 @@ +# Proposal + +Drop the criteria that the constant "sigsum/v0" must be after a log's URL and +before a named endpoint. This does not change the definition of a log URL, but +does mean "" is appended to it rather than "sigsum/v0/". + +# Motivation + + - Protocol and version does not change for an active log and it should already + be communicated to clients via policy. + - A log operator that wants to specify protocol and/or version as part of + their URL can still do so, either in their domain name or the optional path. diff --git a/doc/proposals/2022-07-permit-lack-of-witness-cosignatures b/doc/proposals/2022-07-permit-lack-of-witness-cosignatures deleted file mode 100644 index c0ac549..0000000 --- a/doc/proposals/2022-07-permit-lack-of-witness-cosignatures +++ /dev/null @@ -1,13 +0,0 @@ -# Proposal - -In api.md, §3.2: - - - Permit that "key_hash" and "cosignature" are omitted by the log when there - are no witness cosignatures to set in the response. - -# Motivation - -It should be possible to return success on the get-tree-head-cosigned endpoint -even if no witness provided a co-signature for the current to-cosign tree head. - -This change makes it possible to return 200 OK without witnesses. diff --git a/doc/proposals/2022-07-permit-lack-of-witness-cosignatures.md b/doc/proposals/2022-07-permit-lack-of-witness-cosignatures.md new file mode 100644 index 0000000..c0ac549 --- /dev/null +++ b/doc/proposals/2022-07-permit-lack-of-witness-cosignatures.md @@ -0,0 +1,13 @@ +# Proposal + +In api.md, §3.2: + + - Permit that "key_hash" and "cosignature" are omitted by the log when there + are no witness cosignatures to set in the response. + +# Motivation + +It should be possible to return success on the get-tree-head-cosigned endpoint +even if no witness provided a co-signature for the current to-cosign tree head. + +This change makes it possible to return 200 OK without witnesses. diff --git a/doc/proposals/2022-07-replace-domain-hint-with-rate-limit b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit deleted file mode 100644 index c1570c9..0000000 --- a/doc/proposals/2022-07-replace-domain-hint-with-rate-limit +++ /dev/null @@ -1,33 +0,0 @@ -# Proposal - -Replace the "domain_hint" key in the input to the add-leaf endpoint with -"rate-limit". The value associated with the "rate-limit" key is on the format: - - method:data - -where the defined methods are: - - - dns: the exact same semantics as today's domain hint - - token: a shared secret that is negotiated between submitter and the log - operator out-of-band - -Example of a rate-limit line using DNS: - - rate_limit=dns:_sigsum_v0.example.org - -Example of a rate-limit line using token: - - rate_limit=token:xxxxxxxxxxxxxxxxxxxxxx - -The "rate_limt" key must not be repeated. - -The "rate_limit" key may be omitted. It is then up to the log server to accept -or reject the user's requests. - -# Motivation - -There are more ways to establish something to rate-limit on than domain hints. -The name "domain_hint" is also not descrptive; it makes understanding harder. - -It is also plausible that a log operator wants to run without a rate limit in -some environments. The above change permits this as well. diff --git a/doc/proposals/2022-07-replace-domain-hint-with-rate-limit.md b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit.md new file mode 100644 index 0000000..c1570c9 --- /dev/null +++ b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit.md @@ -0,0 +1,33 @@ +# Proposal + +Replace the "domain_hint" key in the input to the add-leaf endpoint with +"rate-limit". The value associated with the "rate-limit" key is on the format: + + method:data + +where the defined methods are: + + - dns: the exact same semantics as today's domain hint + - token: a shared secret that is negotiated between submitter and the log + operator out-of-band + +Example of a rate-limit line using DNS: + + rate_limit=dns:_sigsum_v0.example.org + +Example of a rate-limit line using token: + + rate_limit=token:xxxxxxxxxxxxxxxxxxxxxx + +The "rate_limt" key must not be repeated. + +The "rate_limit" key may be omitted. It is then up to the log server to accept +or reject the user's requests. + +# Motivation + +There are more ways to establish something to rate-limit on than domain hints. +The name "domain_hint" is also not descrptive; it makes understanding harder. + +It is also plausible that a log operator wants to run without a rate limit in +some environments. The above change permits this as well. -- cgit v1.2.3