On Thu, 4 May 2017 13:41:59 +0100 Eran Messeri <[email protected]> wrote:
> I'm looking for feedback on the proposal to add an API endpoint which > would provide access to historical STHs issued by the log ( > https://trac.ietf.org/trac/trans/ticket/163). > > I personally think it's a good idea to have such an API since it'd > allow auditing a log for past compliance with the MMD requirement. > > Rob Stradling has sent a PR > <https://github.com/google/certificate-transparency-rfcs/pull/200/> > for this. I support adding this endpoint, and I think it should be mandatory. In addition to helping monitors, this endpoint would allow a TLS client vendor (e.g. Mozilla) to aggregate all the STHs for a log and ship them in bulk to clients so that clients can easily verify a stapled inclusion proof without needing to make any network access. That should please Mozilla. Regards, Andrew _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
