Skip to content

Improve robustness when constructing SCT for duplicate entry #884

Description

@AGWA

Following up from transparency-dev/tessera#1018

I think it's fragile how tesseract overwrites just the timestamp, but otherwise keeps the entry that was constructed from the submission. It means that inputs to the critical SCT signing operation come from multiple places, and consequentially might not be coherent. Instead, tesseract should retrieve the entire entry from storage, not just the timestamp, and completely discard the entry constructed from the submission. That way, a malfunction in the antispam driver can only cause the wrong SCT to be returned; it can't kill the log by returning an invalid SCT.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
No status

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions