Remove timestamp from checkpoint #1887

Closed
haydentherapper opened this issue Dec 7, 2023 · 1 comment · Fixed by #1888
Labels: enhancement (New feature or request)


haydentherapper (Contributor) commented Dec 7, 2023

Description

We currently include the timestamp when the checkpoint was generated:

rekor.sigstore.dev - 3904496407287907110
4163431
TQBqpG78tgfdUdkAsSE3VMUMySUcNAXGwlYdnWovMjk=
Timestamp: 1701981305360721342

— rekor.sigstore.dev wNI9ajBFAiEA8v7iWeGsxEL5ysGdi1A2vu9lMSuCeRtSBOXzRCK+5ygCIBe0r5Au5PmbY1lbJv+1/x2KoLm/YPsb1X5JyY3OXUHH

Note the first line is the log identifier, the second is the log size, then the root hash, then extra data (the timestamp), then a new line and then the checkpoint signature.

No checkpoint verifier relies on the timestamp. It could be used to convey checkpoint freshness, that the checkpoint represents the latest snapshot of the log. However:

  • this is not verifiable in any way
  • if the log presented different views to different callers, say if the log wanted to act like it was "frozen" to one caller and serve an old checkpoint, that's mitigated through witnessing, not through checkpoint timestamps
  • if a verifier were to require it be fresh, it means we cannot cache static checkpoints for old log shards.

I propose that we remove the timestamp from the checkpoint. We'll need to confirm that this is not a breaking change, that old clients can verify checkpoints without the timestamp present.

cc @mhutchinson

@haydentherapper haydentherapper added the enhancement New feature or request label Dec 7, 2023
@haydentherapper haydentherapper self-assigned this Dec 7, 2023
haydentherapper added a commit to haydentherapper/rekor that referenced this issue Dec 7, 2023
Fixes sigstore#1887. Verified that
checkpoints are still verifiable with and without timestamps (since
timestamps are just a part of the existing OtherContent, this is not a
breaking change).

Looking over all of the Sigstore org, no project is relying on the
timestamp.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@mhutchinson commented

In addition to my ❤️ on the top-level comment, I feel like a little info on why I think this is a great proposal would be helpful for the community. We have a fledgling witness network that verifies that logs are evolving correctly in an append-only manner. Witnesses work individually, and then post witnessed signatures to a central location where all signatures on the same checkpoint are merged.

The problem with including timestamp information in the checkpoint is that two witnesses may attest to the same logical tree state, but because of the timestamp, the checkpoint is not byte-equivalent and thus their signatures cannot be merged. This makes it much harder for clients to get log state in a way that has been independently verified by multiple third parties.

Another factor to consider is that we have recently updated the witnesses to include the timestamp at which the witnessing event took place (transparency-dev/witness#41). This witness timestamp information may provide whatever functionality was originally being sought with the original inclusion of a Timestamp in the checkpoint body.

As an example of what a witnessed checkpoint looks like (generated by https://github.com/transparency-dev/distributor/blob/main/cmd/client/client.go):

rekor.sigstore.dev - 2605736670972794746
51727090
w2BoJzk2ucAYsVA4bml3JZl4Hi+SFn5nfSNLj6mOZ30=
Timestamp: 1702313042625620495

— rekor.sigstore.dev wNI9ajBGAiEAo71KUvnY1RW16iqJ+ZVxR7EfbpGFSTcIGTeVtUO4lLICIQChIqTwthe4D6eJlIaw8x+yaQMnnHcTRFlCZS8JuKSTjQ==
— DEV:ArmoredWitness-damp-bush Kqr6OPE8d2UAAAAAMNOIjad36QcUzmQ+mJRLNDhLQHTVSpc9KS86VWPQuVtZKgtIR7pW8d60ggrmttHJkJDmzJsaMrshP+NOfqFjDg==
— DEV:ArmoredWitness-dawn-moon W+8PSVw8d2UAAAAAACTUA38ItReezWhoz2UU3VzYYE9egInFMJK3vYmxjf2bX6EkHWf/qTQYq9B/LpNIThZTfd4Vzo3ujxZEwSInBA==

From this, clients can determine the following about witness signing events:

Witness timestamps:
— DEV:ArmoredWitness-damp-bush: 49 seconds ago (2023-12-11T16:46:41Z)
— DEV:ArmoredWitness-dawn-moon: 3 minutes ago (2023-12-11T16:44:12Z)
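
As an added example, not code from the Rekor project or from either commenter, here is a Go parser for the signed-note layout described in the issue body (origin, tree size, root hash, extension lines, a blank line, then signature lines), run over the witnessed checkpoint pasted in the comment above. It recovers the witness signing times the comment lists, and it shows that a second note for the same tree with a different Timestamp line parses to the same tree state but to different body bytes, which is exactly the signature-merging problem described. Assumptions made here: each witness signature is read as a 4-byte key hint, 8 bytes of little-endian Unix seconds and a 64-byte Ed25519 signature (the byte order is inferred from these bytes; it reproduces 16:46:41Z and 16:44:12Z), and witnesses are picked out by the DEV:ArmoredWitness name prefix rather than by a verifier's witness key set. All type and function names are this example's own.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Checkpoint is a parsed signed note; Extensions holds lines such as "Timestamp: <ns>".
type Checkpoint struct {
	Origin     string
	Size       uint64
	RootHash   []byte
	Extensions []string
	Sigs       []Signature
}

type Signature struct {
	Name    string
	KeyHash [4]byte // key hint: first 4 bytes of the decoded signature line
	Raw     []byte  // signer-specific bytes after the key hint
}

const sigPrefix = "\u2014 " // EM DASH plus a space opens every signature line

// ParseCheckpoint splits a note at its first blank line: body before, signatures after.
func ParseCheckpoint(note string) (*Checkpoint, error) {
	body, sigBlock, ok := strings.Cut(note, "\n\n")
	lines := strings.Split(body, "\n")
	if !ok || len(lines) < 3 {
		return nil, fmt.Errorf("note needs origin, size, root hash and a blank line")
	}
	size, err := strconv.ParseUint(lines[1], 10, 64)
	root, err2 := base64.StdEncoding.DecodeString(lines[2])
	if err != nil || err2 != nil || len(root) != 32 {
		return nil, fmt.Errorf("bad tree size %q or root hash %q", lines[1], lines[2])
	}
	cp := &Checkpoint{Origin: lines[0], Size: size, RootHash: root, Extensions: lines[3:]}
	for _, l := range strings.Split(strings.TrimRight(sigBlock, "\n"), "\n") {
		rest, hasPrefix := strings.CutPrefix(l, sigPrefix)
		name, b64, hasSpace := strings.Cut(rest, " ")
		raw, err := base64.StdEncoding.DecodeString(b64)
		if !hasPrefix || !hasSpace || err != nil || len(raw) < 4 {
			return nil, fmt.Errorf("malformed signature line %q", l)
		}
		s := Signature{Name: name, Raw: raw[4:]}
		copy(s.KeyHash[:], raw[:4])
		cp.Sigs = append(cp.Sigs, s)
	}
	return cp, nil
}

// WitnessTimestamp reads the 8 bytes of little-endian Unix seconds a timestamped witness puts before its
// 64-byte Ed25519 signature (byte order is an assumption inferred from the bytes above; length alone is no
// proof of this layout, since a 72-byte DER ECDSA log signature matches it too).
func WitnessTimestamp(s Signature) (time.Time, error) {
	if len(s.Raw) != 8+64 {
		return time.Time{}, fmt.Errorf("%s: %d bytes is not a timestamped cosignature", s.Name, len(s.Raw))
	}
	return time.Unix(int64(binary.LittleEndian.Uint64(s.Raw[:8])), 0).UTC(), nil
}

// Body re-serialises exactly the bytes the signatures cover.
func (c *Checkpoint) Body() string {
	lines := []string{c.Origin, strconv.FormatUint(c.Size, 10), base64.StdEncoding.EncodeToString(c.RootHash)}
	return strings.Join(append(lines, c.Extensions...), "\n") + "\n"
}

// SameTreeState ignores extension lines and compares only what commits to the log.
func SameTreeState(a, b *Checkpoint) bool {
	return a.Origin == b.Origin && a.Size == b.Size && string(a.RootHash) == string(b.RootHash)
}

// witnessedNote is the witnessed checkpoint pasted in the comment above.
var witnessedNote = strings.Join([]string{
	"rekor.sigstore.dev - 2605736670972794746",
	"51727090",
	"w2BoJzk2ucAYsVA4bml3JZl4Hi+SFn5nfSNLj6mOZ30=",
	"Timestamp: 1702313042625620495",
	"",
	sigPrefix + "rekor.sigstore.dev wNI9ajBGAiEAo71KUvnY1RW16iqJ+ZVxR7EfbpGFSTcIGTeVtUO4lLICIQChIqTwthe4D6eJlIaw8x+yaQMnnHcTRFlCZS8JuKSTjQ==",
	sigPrefix + "DEV:ArmoredWitness-damp-bush Kqr6OPE8d2UAAAAAMNOIjad36QcUzmQ+mJRLNDhLQHTVSpc9KS86VWPQuVtZKgtIR7pW8d60ggrmttHJkJDmzJsaMrshP+NOfqFjDg==",
	sigPrefix + "DEV:ArmoredWitness-dawn-moon W+8PSVw8d2UAAAAAACTUA38ItReezWhoz2UU3VzYYE9egInFMJK3vYmxjf2bX6EkHWf/qTQYq9B/LpNIThZTfd4Vzo3ujxZEwSInBA==",
}, "\n") + "\n"

func main() {
	cp, err := ParseCheckpoint(witnessedNote)
	if err != nil {
		panic(err)
	}
	for _, s := range cp.Sigs {
		// Name-prefix rule is constructed for this example; a real verifier consults its witness key set.
		if t, err := WitnessTimestamp(s); err == nil && strings.HasPrefix(s.Name, "DEV:ArmoredWitness") {
			fmt.Printf("witness %s signed at %s\n", s.Name, t.Format(time.RFC3339))
		}
	}
	// Same tree, later Timestamp line: logically equal but not byte-equal, so signatures over the two cannot merge.
	later, _ := ParseCheckpoint(strings.Replace(witnessedNote, "1702313042625620495", "1702313099000000000", 1))
	fmt.Println("same tree state:", SameTreeState(cp, later), "byte-equal bodies:", cp.Body() == later.Body())
}
```

Run as is, it prints the two witness times from the comment (2023-12-11T16:46:41Z for damp-bush, 2023-12-11T16:44:12Z for dawn-moon) followed by `same tree state: true byte-equal bodies: false`. One caveat worth keeping in mind: the Rekor ECDSA signature on this note also decodes to 72 bytes after the key hint, so a verifier cannot tell a timestamped cosignature from the log's own signature by length; it has to decide by signer identity, which is why the example keys the decision on the signer name rather than on the bytes.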

haydentherapper added a commit that referenced this issue Dec 14, 2023
* Remove timestamp from checkpoint

Fixes #1887. Verified that
checkpoints are still verifiable with and without timestamps (since
timestamps are just a part of the existing OtherContent, this is not a
breaking change).

Looking over all of the Sigstore org, no project is relying on the
timestamp.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Remove commented out line

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

---------

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>