@cjpatton
Contributor

@cjpatton cjpatton commented Oct 27, 2025

Changes in this PR:

  1. Align MTC cosigning with the spec.
  2. Update the metadata API to make it easier to consume the landmark bundle.
  3. A bit of refactoring.

I suggest reviewing commit-by-commit.

Note: This is a breaking change in the sense that we won't be able to open older checkpoints. We'll need to spin up another shard.

The checkpoint is already printer friendly, so no need to base64 encode
it.
@cjpatton cjpatton added the mtc Merkle Tree Certificates label Oct 27, 2025
@cjpatton cjpatton force-pushed the cjpatton/validate-landmark-bundle branch 6 times, most recently from 3cd7abb to 1b2b397 Compare October 28, 2025 20:45
@cjpatton cjpatton requested a review from bwesterb October 28, 2025 20:45
@cjpatton cjpatton marked this pull request as ready for review October 28, 2025 20:45
@cjpatton cjpatton force-pushed the cjpatton/validate-landmark-bundle branch from 1b2b397 to 17ea329 Compare October 28, 2025 21:01
The label needs a newline after "mtc-subtree/v1". This is a breaking
change, since previous checkpoints can no longer be opened.

This is a breaking change: Because the signatures won't verify,
mtc_worker won't be able to open older checkpoints.

This type is currently a struct that thinly wraps `RelativeOid`. In
fact, this is the only attribute of the struct, and it's `pub`. This
suggests that what we really want is a type alias.

For the purposes of computing the tlog key ID, the log ID is used as the
key name. Add a method for encoding the arcs as a string so that we can
properly construct the key name.

Implementation note: Currently we only keep around the DER encoding of
the arcs. We could decode the arcs from the DER blob, but it's a bit
more convenient to just keep the arcs around in the data structure.

MTC changes the way the key name and ID are computed compared to TLOG.
First, the key name is constructed from the log ID rather than the API
endpoint. Second, the key ID does not incorporate the public key as it
does in TLOG.

This is a breaking change: Because the signatures won't verify,
mtc_worker won't be able to open older checkpoints.

MTC cosigners sign two types of notes: one for checkpoints and another
for subtrees. Apart from the notes having a slightly different format,
we need to construct a separate key ID for each case. To accommodate
this, we need to be able to construct an instance of the cosigner based
on the type of note we're signing.

Replace `MTCSubtreeCosigner` with a more general `MtcCosigner` struct.
The idea is that the constructor will define which type of message is
being signed (a checkpoint or a subtree) and construct the key ID
accordingly. At the moment, we don't actually use the MTC cosigner to
sign subtrees; for now, we just use it to sign checkpoints. Replace the
current constructor `new()` with one that constructs a checkpoint
signer, `new_checkpoint()`.

Likewise for the note verifier.

This is a breaking change: Because the signatures won't verify,
mtc_worker won't be able to open older checkpoints.

Instead of base64 encoding the BER, just return the string encoding.
@cjpatton cjpatton force-pushed the cjpatton/validate-landmark-bundle branch from 17ea329 to 9a363ca Compare October 29, 2025 15:31
@cjpatton
Contributor Author

Updated commit messages.

@cjpatton cjpatton merged commit 1b849d3 into main Oct 29, 2025
1 check passed
@cjpatton cjpatton deleted the cjpatton/validate-landmark-bundle branch October 29, 2025 15:34