eranm authored
The goal is to whitelist logged EV certificates so the requirement of CT for EV certificates can be enabled without waiting for all EV certs to be re-issued.

This change adds the code for unpacking the list of (truncated) hashes of EV certificates. The compressed data format is the diff values between the hashes, encoded using Golomb coding. This was suggested by agl as an efficient encoding, since the hash values of the EV certificates are uniformly distributed, so the differences between them are geometrically distributed. See section 4 in: http://algo2.iti.kit.edu/singler/publications/cacheefficientbloomfilters-wea2007.pdf

The code that generates the data can be found here: https://github.com/google/certificate-transparency/blob/master/python/utilities/ev_whitelist/golomb_code.py#L27

Currently the code is not hooked into anything, but once the compressed list is fetched as a component update, we'll start by logging statistics about known vs. unknown EV certs.

BUG=339128

Review URL: https://codereview.chromium.org/462543002

Cr-Commit-Position: refs/heads/master@{#293288}
743f614e
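
The encoding the commit message describes, as an added Python example that is not code from this change or from golomb_code.py: sorted truncated hashes are stored as a raw first value followed by Golomb-coded gaps, and the decoder rejects truncated or corrupt input rather than returning a partial list. The 32-bit truncation, the power-of-two divisor (the Rice special case of Golomb coding), the bit layout and all function names are assumptions made for illustration.

```python
import bisect
import hashlib

HASH_BITS = 32  # assumed truncation width (the page only says "truncated")
RICE_K = 22     # assumed divisor M = 2**RICE_K, near the mean gap for 1000 entries

def truncated_hash(cert_der: bytes) -> int:
    return int.from_bytes(hashlib.sha256(cert_der).digest()[:HASH_BITS // 8], "big")

def compress(hashes):
    """Sorted hashes -> (count, bytes): first value raw, then Rice-coded gaps."""
    values = sorted(set(hashes))
    if not values:
        return 0, b""
    bits = format(values[0], f"0{HASH_BITS}b")
    for prev, cur in zip(values, values[1:]):
        q, r = divmod(cur - prev, 1 << RICE_K)
        bits += "1" * q + "0" + format(r, f"0{RICE_K}b")  # unary quotient, fixed remainder
    bits += "0" * (-len(bits) % 8)  # pad to a whole byte
    return len(values), int(bits, 2).to_bytes(len(bits) // 8, "big")

def decompress(count, blob):
    """Inverse of compress(); raises ValueError instead of returning a partial list."""
    bits = "".join(format(b, "08b") for b in blob)
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(bits):
            raise ValueError("compressed list is truncated")
        pos += n
        return bits[pos - n:pos]

    out = [int(take(HASH_BITS), 2)] if count else []
    while len(out) < count:
        q = 0
        while take(1) == "1":
            q += 1
        gap = (q << RICE_K) + int(take(RICE_K), 2)
        if gap == 0 or (out[-1] + gap) >> HASH_BITS:  # gaps are >= 1, values fit the width
            raise ValueError("compressed list is corrupt")
        out.append(out[-1] + gap)
    return out

def is_whitelisted(sorted_hashes, cert_der):
    h = truncated_hash(cert_der)
    i = bisect.bisect_left(sorted_hashes, h)
    return i < len(sorted_hashes) and sorted_hashes[i] == h

# Constructed stand-ins for DER certificates, not real data.
SAMPLE_CERTS = [b"constructed-ev-cert-%d" % n for n in range(1000)]
```

Because the list arrives as an update from outside the process, the decoder treats running out of bits, a zero gap, or a value wider than the truncation as a hard error.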