Hi, I was reading the latest draft of the gossip protocol and I have some concerns.
I've started monitoring the CT logs. I think that under the latest draft I became an "auditor", but the graph also still mentions a monitor. But I don't believe I'm a "trusted auditor". There at least seems to be confusion about the terms. I'm mostly interested in checking that the CT logs behave like they should, and the draft doesn't seem to be covering this, or I'm not understanding it. How can I find all the SCTs and STHs that the log did send to someone but didn't send to me? It seems that as auditor I would only talk to the CT logs and "participating HTTPS servers". It's not clear to me how I would disover those HTTPS servers. Is this related to the "trusted auditor"? Would an auditor work for an HTTPS site? Or would both clients and auditors have a list of those participating HTTPS servers, and those HTTPS servers act like some lightweight auditor? An older draft had a way for monitors to talk to each other, but that all seems to have been removed. Kurt _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
