Description
Certificate Transparency: Code for unpacking EV cert hashes whitelist

The goal is to whitelist logged EV certificates so the requirement of
CT for EV certificates can be enabled without waiting for all EV certs
to be re-issued.

This change adds the code for unpacking the list of (truncated) hashes
of EV certificates. The compressed data format is the diff values
between the hashes, encoded using Golomb coding. This was suggested
by agl as an efficient encoding, since the hash values of the
EV certificates are uniformly distributed, so the differences between
them are geometrically distributed. See section 4 in:
http://algo2.iti.kit.edu/singler/publications/cacheefficientbloomfilters-wea2007.pdf

The code that generates the data can be found here:
https://github.com/google/certificate-transparency/blob/master/python/utilities/ev_whitelist/golomb_code.py#L27

Currently the code is not hooked into anything, but once the
compressed list is fetched as a component update, we'll start
by logging statistics about known vs. unknown EV certs.

BUG=339128
Committed: https://crrev.com/743f614e8b1daec08613e6108a6b2b902d5b9b55
Cr-Commit-Position: refs/heads/master@{#293288}
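
The encoding the description refers to, shown as an added example; it is not the Chromium unpacking code or the linked generator. It uses the power-of-two (Rice) special case of Golomb coding, and the 8-byte truncation, the 4-byte count header, the MSB-first bit order and the rule for deriving `k` are assumptions of this example.

```python
import hashlib

HASH_BITS = 64  # assumption: SHA-256 truncated to 8 bytes in this example

def truncated_hash(cert_der: bytes) -> int:
    return int.from_bytes(hashlib.sha256(cert_der).digest()[:HASH_BITS // 8], "big")

def rice_parameter(count: int) -> int:
    """k such that 2**k is near the mean gap between `count` uniform hashes."""
    return max(0, HASH_BITS - count.bit_length())

def compress(hashes) -> bytes:
    values = sorted(set(hashes))
    k = rice_parameter(len(values))
    bits, prev = [], 0
    for v in values:
        q, r = divmod(v - prev, 1 << k)
        # Quotient in unary (q ones, then a zero), remainder in k bits, MSB first.
        bits += [1] * q + [0] + [(r >> i) & 1 for i in range(k - 1, -1, -1)]
        prev = v
    bits += [0] * (-len(bits) % 8)  # pad to a byte boundary
    body = bytes(sum(b << (7 - j) for j, b in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))
    return len(values).to_bytes(4, "big") + body  # assumed 4-byte count header

def decompress(blob: bytes) -> list:
    """Return the sorted hash values, or raise ValueError on malformed input."""
    if len(blob) < 4:
        raise ValueError("missing count header")
    count = int.from_bytes(blob[:4], "big")
    k = rice_parameter(count)
    stream = ((byte >> i) & 1 for byte in blob[4:] for i in range(7, -1, -1))
    out, prev = [], 0
    try:
        for _ in range(count):
            q = r = 0
            while next(stream):          # unary quotient
                q += 1
            for _ in range(k):           # fixed-width remainder
                r = (r << 1) | next(stream)
            prev += (q << k) | r
            if prev >> HASH_BITS or (out and prev == out[-1]):
                raise ValueError("value out of range or not strictly increasing")
            out.append(prev)
    except StopIteration:
        raise ValueError("truncated data") from None
    return out
```

Because the list arrives as downloaded data, the decoder rejects truncated input, values wider than the hash, and repeated entries instead of returning a partial list.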
Patch Set 1
Patch Set 2 : Linting
Patch Set 3 : Adding histogram collection
Patch Set 4 : Rebasing on master
Total comments: 17
Patch Set 5 : Review comments & linting
Total comments: 44
Patch Set 6
Total comments: 27
Patch Set 7 : Addressing wtc's comments
Patch Set 8 : Fixing some compilation issues
Total comments: 6
Patch Set 9 : Implementing CalculateFingerprint256 on win,mac,ios
Patch Set 10 : Windows-specific fixes.
Total comments: 2
Patch Set 11 : Addressing comments + adding method for determining presence of valid EV whitelist.
Messages
Total messages: 23 (7 generated)