On 11/06/15 16:20, Jeremy Rowley wrote:
> Hi Rob - we'd like to get involved

Great.  I thought you might.  Thanks Jeremy.

> as we already have an API for our cert monitoring software.

Can you share any documentation? This would be a useful input to our initial discussions.

-----Original Message-----
From: Trans [mailto:[email protected]] On Behalf Of Rob Stradling
Sent: Thursday, June 11, 2015 5:16 AM
To: [email protected]
Cc: Matt Palmer
Subject: [Trans] Log Monitoring API

6962-bis notes that:
    "Those who are concerned about misissue can monitor the logs, asking
     them regularly for all new entries, and can thus check whether
     domains they are responsible for have had certificates issued that
     they did not expect."

If you act as a monitor yourself, you can be sure that the logs you're 
monitoring aren't misbehaving.  You don't have to trust the logs.

However, if you use the services of a third-party monitor instead (which I 
expect most domain owners would prefer to do), then you have to trust that that 
third-party monitor isn't hiding any certs from you.

Therefore, ISTM that some domain owners might want to be able to use the 
services of multiple independent monitors simultaneously.

To facilitate this, it would be useful to define a standard API for querying a 
monitor.  This API would allow callers to search for certs issued to a 
particular domain name/space, set up notifications of (mis-)issuance, etc.

Matt Palmer and I are planning to start work on a -00 draft soon.  If anyone 
else would like to get involved, please let us know.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
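
The cross-check that using several independent monitors makes possible, as an added example that is not part of the original thread. No monitor API is defined on this page, so the response shape (per-log tree size plus matching entries), the monitor and log names, and the fingerprints are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. Each monitor reports, per log, how many entries it
# has processed (tree_size) and the entries it found for the queried domain as
# (leaf_index, certificate fingerprint) pairs. The response shape is hypothetical.
REPORTS = {
    "monitor-a": {
        "log-1": {"tree_size": 1000, "entries": {(412, "fp-aa"), (977, "fp-bb")}},
        "log-2": {"tree_size": 500, "entries": {(73, "fp-cc")}},
    },
    "monitor-b": {
        "log-1": {"tree_size": 1000, "entries": {(412, "fp-aa")}},
        "log-2": {"tree_size": 60, "entries": set()},
    },
    "monitor-c": {
        "log-1": {"tree_size": 990, "entries": {(412, "fp-aa"), (977, "fp-bb")}},
    },
}


def cross_check(reports):
    """Compare monitors' answers for one domain.

    Returns (omissions, pending): omissions[monitor] lists entries another
    monitor reported at an index this monitor claims to have already
    processed; pending[monitor] lists entries it has not reached yet or
    whose log it does not watch, which is lag or coverage, not hiding.
    """
    seen = defaultdict(set)  # log id -> union of entries over all monitors
    for logs in reports.values():
        for log_id, view in logs.items():
            seen[log_id] |= view["entries"]

    omissions, pending = defaultdict(list), defaultdict(list)
    for monitor, logs in reports.items():
        for log_id, entries in seen.items():
            view = logs.get(log_id)
            for index, fp in sorted(entries):
                # A tree of size n covers leaf indices 0..n-1.
                if view is None or index >= view["tree_size"]:
                    pending[monitor].append((log_id, index, fp))
                elif (index, fp) not in view["entries"]:
                    omissions[monitor].append((log_id, index, fp))
    return dict(omissions), dict(pending)


if __name__ == "__main__":
    omissions, pending = cross_check(REPORTS)
    print("omitted:", omissions)
    print("not yet covered:", pending)
```

An entry listed under omissions is a disagreement to investigate, for instance by fetching that leaf index from the log itself.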
