On Thu, Jun 11, 2015 at 12:16:02PM +0100, Rob Stradling wrote: > However, if you use the services of a third-party monitor instead (which I > expect most domain owners would prefer to do), then you have to trust that > that third-party monitor isn't hiding any certs from you. > > Therefore, ISTM that some domain owners might want to be able to use the > services of multiple independent monitors simultaneously. > > To facilitate this, it would be useful to define a standard API for querying > a monitor. This API would allow callers to search for certs issued to a > particular domain name/space, setup notifications of (mis-)issuance, etc. > > Matt Palmer and I are planning to start work on a -00 draft soon. If anyone > else would like to get involved, please let us know.
Speaking for myself, I'm coming at this largely from the perspective of someone who is implementing a monitor (OSS code release imminent). It would be good to get one or more "typical users" of a third-party monitor on board this effort, to ensure that the spec provides a solid set of endpoints for users of a monitor to work with. - Matt _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
