The groundwork for STH pollination has been laid in 0af026249894c99cc7f3fdbc0b74e0a3c4e3bfc5. If you place an STH in the $STATEDIR/.logs/$LOG_ID/unverified_sths directory, Cert Spotter will verify it the next time it runs.
What's left for STH pollination:
Cert Spotter should upload the latest verified STH for each log to sth-pollination endpoints using the API described in https://tools.ietf.org/html/draft-ietf-trans-gossip-03#section-8.2. It should store each STH it gets back in the corresponding unverified_sths directory. SSLMate will operate an sth-pollination endpoint, and hopefully others will also (e.g. Google, Graham Edgecombe).
We should write a simple CGI program that serves an sth-pollination endpoint. It will return STHs from a Cert Spotter state directory, and store received STHs in a Cert Spotter directory (provided the signatures are valid).
The groundwork for STH pollination has been laid in 0af026249894c99cc7f3fdbc0b74e0a3c4e3bfc5. If you place an STH in the
$STATEDIR/.logs/$LOG_ID/unverified_sths
directory, Cert Spotter will verify it the next time it runs.What's left for STH pollination:
Cert Spotter should upload the latest verified STH for each log to
sth-pollination
endpoints using the API described in https://tools.ietf.org/html/draft-ietf-trans-gossip-03#section-8.2. It should store each STH it gets back in the correspondingunverified_sths
directory. SSLMate will operate ansth-pollination
endpoint, and hopefully others will also (e.g. Google, Graham Edgecombe).We should write a simple CGI program that serves an
sth-pollination
endpoint. It will return STHs from a Cert Spotter state directory, and store received STHs in a Cert Spotter directory (provided the signatures are valid).