Support STH Pollination

Open AGWA opened this issue 9 years ago • 1 comments

AGWA, Jul 30 '16 17:07

The groundwork for STH pollination has been laid in 0af026249894c99cc7f3fdbc0b74e0a3c4e3bfc5. If you place an STH in the $STATEDIR/.logs/$LOG_ID/unverified_sths directory, Cert Spotter will verify it the next time it runs.

What's left for STH pollination:

  1. Cert Spotter should upload the latest verified STH for each log to sth-pollination endpoints using the API described in https://tools.ietf.org/html/draft-ietf-trans-gossip-03#section-8.2. It should store each STH it gets back in the corresponding unverified_sths directory. SSLMate will operate an sth-pollination endpoint, and hopefully others will also (e.g. Google, Graham Edgecombe).

  2. We should write a simple CGI program that serves an sth-pollination endpoint. It will return STHs from a Cert Spotter state directory, and store received STHs in a Cert Spotter directory (provided the signatures are valid).
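Item 2 stores a received STH only if its signature is valid. The following is an added example of that check, not part of the original issue and not Cert Spotter's code. It assumes an RFC 6962 v1 STH from a log that signs with ECDSA P-256 and SHA-256; the `STH` type, `VerifySTH`, `Demo` and the sample values are hypothetical or constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type STH struct { // RFC 6962 v1 tree head fields; hypothetical type, not Cert Spotter's
	TreeSize, Timestamp uint64
	RootHash            [32]byte
	Signature           []byte // DigitallySigned: hash alg, sig alg, uint16 length, DER signature
}

// digest hashes the TreeHeadSignature structure of RFC 6962 section 3.5.
func digest(s STH) []byte {
	buf := make([]byte, 50) // buf[0] = 0: version v1
	buf[1] = 1              // signature_type = tree_hash
	binary.BigEndian.PutUint64(buf[2:], s.Timestamp)
	binary.BigEndian.PutUint64(buf[10:], s.TreeSize)
	copy(buf[18:], s.RootHash[:])
	h := sha256.Sum256(buf)
	return h[:]
}

// VerifySTH is the check to pass before a received STH is written to disk.
func VerifySTH(pub *ecdsa.PublicKey, s STH) error {
	if sig := s.Signature; len(sig) < 4 || sig[0] != 4 || sig[1] != 3 || int(binary.BigEndian.Uint16(sig[2:])) != len(sig)-4 {
		return fmt.Errorf("malformed DigitallySigned header") // expects 4 = sha256, 3 = ecdsa
	}
	if !ecdsa.VerifyASN1(pub, digest(s), s.Signature[4:]) {
		return fmt.Errorf("invalid STH signature")
	}
	return nil
}

// Demo signs a constructed STH with a throwaway key, then alters tree_size.
func Demo() (valid, tampered error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	s := STH{TreeSize: 1000, Timestamp: 1469898420000} // constructed sample values
	der, _ := ecdsa.SignASN1(rand.Reader, key, digest(s))
	s.Signature = append([]byte{4, 3, byte(len(der) >> 8), byte(len(der))}, der...)
	valid = VerifySTH(&key.PublicKey, s)
	s.TreeSize++ // any change to a signed field must invalidate the signature
	return valid, VerifySTH(&key.PublicKey, s)
}
func main() { fmt.Println(Demo()) }
```

The public key passed to `VerifySTH` has to come from the verifier's own trusted log list, selected by log ID, never from the submission itself.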

AGWA, Jan 10 '17 19:01