On 21/05/18 19:05, Stephen Kent wrote:
<snip>
> Monitors watch logs to check that they (logs) behave correctly
>
> Monitors watch logs for certificates of interest
>
> Monitors watch logs both to check that they (logs) behave correctly
> and to check for certificates of interest.
>
> OK, I now see why the “or both” makes sense, but it appears to be wrong :-).
> Both descriptions of Monitor operation in 8.2 say that step 4, checking
> for a certificate of interest, is performed “If applicable”. That
> implies that steps 1-3 and 5 are checking to see if a log is behaving
> correctly (in a very basic sense). So, it seems that Monitors are always
> checking logs for consistency, and optionally checking for certs of
> interest. If so, the opening sentence should say that Monitors watch
> logs to check that they behave correctly (in a basic sense) and,
> optionally, they watch logs for certificates of interest.

crt.sh does not currently check logs for consistency. (Maybe one day
I'll get around to implementing that).
crt.sh does check for "certs of interest". (It downloads all the certs
from all the logs, and takes the view that all certs are interesting ;-) ).
Is crt.sh a Monitor?
--
Rob Stradling
Senior Research & Development Scientist
ComodoCA.com