mtpublisher: Add skeleton that pushes dummy cosignatures #8793
force-pushed from c789955 to 259dcd0
@beautifulentropy, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.
force-pushed from 42a132b to e45ef3b
force-pushed from e45ef3b to 5c92fa7
Apologies for the force push, wanted to clean up some comments.
jsha left a comment
Looks great, thanks for working on this! A few requested changes below.
```go
// MirrorID identifies the cosigner this publisher writes alongside each
// cosignature (e.g. "32473.9").
MirrorID string `validate:"required"`
```
hyper-nit: indicate that this is a placeholder value. totally optional if this will be replaced quickly.
```go
// dummyCosignature returns a dummy Ed25519 tlog-cosignature: a big-endian
// uint64 timestamp followed by the Ed25519 signature.
```
Two comments:
- Why Ed25519? We don't use it anywhere else in boulder so far. Why not ECDSA, or totally random bytes?
- Comment says that it's a timestamp followed by a signature, but the actual return value here always has zeroes for the signature bytes.
- https://github.com/C2SP/C2SP/blob/main/tlog-cosignature.md specifies two cosignature types: one based on Ed25519, and one based on ML-DSA-44. Totally random bytes would be the wrong shape.
- 0s seemed like the correct call, we don't want anyone/anything attempting to verify these. If they are 0s that becomes fairly obvious.
FWIW, when I added genmtpki.go I made the wrong choice (to use ECDSA), not realizing that tlog only specifies Ed25519 and ML-DSA-44. I can update that - either to Ed25519, or possibly straight to ML-DSA once #8787 is resolved.
Add boulder-mtpublisher, a daemon that polls the MTC metadata keyspace for the latest checkpoint lacking a mirror cosignature and writes a dummy one against the configured log. Give the dummy cosignature the right shape (a 72-byte Ed25519 timestamped_signature per c2sp.org/tlog-cosignature: an 8-byte BE timestamp followed by a 64-byte signature) but leave the signature bytes zero.
Also make the `mtcmeta_44947_4_1_0_44` schema available in Vitess. Renames `sa/db/01-mtca.sql` to `01-mtcmeta_44947_4_1_0_44.sql`, which is uglier. However, the Vitess test-server builds each keyspace's schema by globbing `sa/db/*<keyspace>.sql`, so the filename has to end with the keyspace name or the schema is (silently) left empty.

Fixes #8762
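The shape described in the PR body and the review thread (an 8-byte big-endian timestamp followed by 64 zero bytes) is easy to get subtly wrong on both the producing and the consuming side, so here is a small added example, written for this page and not taken from boulder or the `mtpublisher` code, that builds the dummy, parses it, and shows how a consumer can recognise the all-zero placeholder explicitly instead of handing it to `ed25519.Verify`. The function names (`dummyCosignature`, `parseCosignature`, `isDummy`, `verifyCosignature`, `realCosignature`) and the sample message are constructed for the example; it only models the 72-byte `timestamped_signature` layout named in the PR, not the exact `cosignature/v1` signed-message format from the C2SP spec.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Sizes for the Ed25519 cosignature type as stated in the PR description:
// an 8-byte big-endian uint64 timestamp followed by a 64-byte signature.
const (
	timestampSize = 8
	cosigSize     = timestampSize + ed25519.SignatureSize // 72 bytes
)

// dummyCosignature builds the placeholder the PR describes: a correctly
// shaped 72-byte timestamped_signature whose signature bytes are all zero.
// (Example code; not boulder's implementation.)
func dummyCosignature(now time.Time) []byte {
	out := make([]byte, cosigSize)
	binary.BigEndian.PutUint64(out[:timestampSize], uint64(now.Unix()))
	// out[timestampSize:] stays zero on purpose: nothing should verify it.
	return out
}

// realCosignature pairs a timestamp with a genuine Ed25519 signature over
// msg; included only to contrast with the dummy.
func realCosignature(now time.Time, priv ed25519.PrivateKey, msg []byte) []byte {
	out := make([]byte, cosigSize)
	binary.BigEndian.PutUint64(out[:timestampSize], uint64(now.Unix()))
	copy(out[timestampSize:], ed25519.Sign(priv, msg))
	return out
}

// parseCosignature splits a timestamped_signature into its parts and
// rejects anything that is not exactly 72 bytes.
func parseCosignature(b []byte) (uint64, []byte, error) {
	if len(b) != cosigSize {
		return 0, nil, fmt.Errorf("cosignature: want %d bytes, got %d", cosigSize, len(b))
	}
	ts := binary.BigEndian.Uint64(b[:timestampSize])
	return ts, b[timestampSize:], nil
}

// isDummy reports whether the signature half is all zeros, the convention
// the review thread settles on for "do not attempt to verify this".
func isDummy(b []byte) bool {
	_, sig, err := parseCosignature(b)
	if err != nil {
		return false
	}
	for _, c := range sig {
		if c != 0 {
			return false
		}
	}
	return true
}

var errDummy = errors.New("cosignature: placeholder with all-zero signature, not verifiable")

// verifyCosignature is the consumer-side check: name the placeholder case
// explicitly so logs and metrics can distinguish "dummy" from "forged".
// msg is whatever the caller signed (constructed here, not the spec layout).
func verifyCosignature(pub ed25519.PublicKey, msg, b []byte) error {
	if isDummy(b) {
		return errDummy
	}
	_, sig, err := parseCosignature(b)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("cosignature: signature does not verify")
	}
	return nil
}

func main() {
	at := time.Unix(1700000000, 0)
	d := dummyCosignature(at)
	fmt.Printf("dummy: %d bytes, isDummy=%v\n", len(d), isDummy(d))

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed for the example
	fmt.Println("verify dummy:", verifyCosignature(pub, msg, d))
	fmt.Println("verify real: ", verifyCosignature(pub, msg, realCosignature(at, priv, msg)))
}
```

The explicit `isDummy` branch is the point of the example: a zero signature will fail `ed25519.Verify` anyway, but surfacing it as its own error keeps a monitor from counting placeholder cosignatures as verification failures or, worse, silently skipping them.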