I’ve been trying to understand how Chrome interacts with CT log servers. According to what I’ve read so far, Chrome sends inclusion proof requests (“GET https:///ct/v2/get-proof-by-hash” - https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis-31#section-5.4) via DNS (“CT over DNS” - https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md) to CT log servers. What I’m trying to find out is how frequently Chrome makes these requests and how I can debug them.
I’ve tried watching Chrome’s network traffic for 6 hours using NetLog to capture “CT over DNS” requests, which should appear as “TREE_STATE_TRACKER” events (as mentioned here: https://www.certificate-transparency.org/certificate-transparency-in-chrome), but I wasn’t able to capture any events. According to a document here (https://docs.google.com/document/d/1FP5J5Sfsg0OR9P4YT0q1dM02iavhi8ix1mZlZe_z-ls/edit), Chrome “maintains a queue of inclusion proofs to fetch” and inclusion proof requests are made asynchronously.
To my understanding, it’s not like Chrome synchronously makes an inclusion proof request for every new website you visit that returns a new SCT. New SCTs are maintained in a queue and Chrome sends inclusion proof requests asynchronously for these SCTs in the queue. Do you think watching Chrome’s network events for a longer period of time would help me capture these requests?
The only way I can reproduce these requests is by running the unit test (https://github.com/chromium/chromium/blob/master/components/certificate_transparency/log_dns_client_unittest.cc) of log_dns_client in Chromium which is responsible for sending “CT over DNS” requests. But since it’s just a test query talking to a test log, it’s not very useful for me. Is there any other way to debug real requests that Chrome makes?
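Added example, not part of the original post: a Python filter for a long NetLog capture that pulls out any event whose event-type or source-type name contains “TREE_STATE_TRACKER”, and also reports whether the capture's own constants table defines such a name at all, which separates "this build never defines it" from "it is defined but never fired". It assumes the usual NetLog JSON export layout (`constants.logEventTypes`, `constants.logSourceType`, and an `events` array); the sample capture and the names inside it are constructed.

```python
import json

# Constructed sample capture (not real Chrome output), deliberately left
# unterminated the way a capture looks when the browser exits uncleanly.
SAMPLE = '''{"constants": {
 "logEventTypes": {"REQUEST_ALIVE": 1, "CONSTRUCTED_AUDIT_EVENT": 2},
 "logSourceType": {"URL_REQUEST": 1, "CT_TREE_STATE_TRACKER": 2}},
"events": [
{"time": "100", "type": 1, "phase": 1, "source": {"id": 7, "type": 1}},
{"time": "250", "type": 2, "phase": 0, "source": {"id": 9, "type": 2},
 "params": {"log_id": "constructed"}},
'''

def load_netlog(text):
    """Parse a NetLog export; repair one cut off on an event boundary."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        # Drop the dangling comma and close the events array and root object.
        return json.loads(text.rstrip().rstrip(",") + "]}")

def known_names(netlog, needle="TREE_STATE_TRACKER"):
    """Names in the capture's constants tables that contain the needle."""
    consts = netlog.get("constants", {})
    names = list(consts.get("logEventTypes", {})) + list(consts.get("logSourceType", {}))
    return sorted(n for n in names if needle in n)

def find_events(netlog, needle="TREE_STATE_TRACKER"):
    """Events whose event-type or source-type name contains the needle."""
    consts = netlog.get("constants", {})
    ev_names = {v: k for k, v in consts.get("logEventTypes", {}).items()}
    src_names = {v: k for k, v in consts.get("logSourceType", {}).items()}
    hits = []
    for ev in netlog.get("events", []):
        src = ev.get("source", {})
        ev_name = ev_names.get(ev.get("type"), "?")
        src_name = src_names.get(src.get("type"), "?")
        if needle in ev_name or needle in src_name:
            hits.append({"time": ev.get("time"), "source_id": src.get("id"),
                         "source": src_name, "event": ev_name,
                         "params": ev.get("params", {})})
    return hits

if __name__ == "__main__":
    log = load_netlog(SAMPLE)
    print("names defined in capture:", known_names(log))
    for hit in find_events(log):
        print(hit)
```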