coniks-sys / coniks-go

A CONIKS implementation in Golang
http://coniks.org

How is an auditor initialized? #156

Open masomel opened 7 years ago

masomel commented 7 years ago

Specifically: how does an auditor obtain the initial STR, the directory's prior history and the directory's signing key?

Potential solution: Assuming a directory d has a list of running auditors, whenever d generates a new STR(t), it broadcasts STR(t) to all auditors in the list. If an auditor a observes an STR for d for the first time, a sends a request to d to obtain d's prior STR history [STR(0), STR(t-1)] and d's signing key. a then verifies d's prior history, as well as the STR(t) it observed. If these verifications pass, a stores d's STR history. At the next epoch when d broadcasts STR(t+1), a then verifies the STR hash chain as usual.

vqhuy commented 7 years ago

> how does an auditor obtain the directory's signing key?

Maybe this relates to #52.

masomel commented 6 years ago

For now, we have made the decision to pin each tracked server's keys (and initial STRs) in the auditor. This will require manual updating of auditor configurations, but we can enhance this feature once there are more auditors in the system.
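
The pinning approach from the last comment, sketched as an added example (not coniks-go code and not part of the thread): an auditor configured with a directory's pinned key and initial STR accepts each later STR only if the pinned key signed it and it extends the last verified one. The STR layout, the use of Ed25519 and SHA-256, and the names `STR`, `SignSTR`, `Auditor` and `Audit` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// STR is a simplified signed tree root (assumed layout, not coniks-go's format).
type STR struct {
	Epoch     uint64
	PrevHash  [32]byte // hash of the previous epoch's STR
	Root, Sig []byte
}

func (s *STR) body() []byte { // the bytes the directory signs
	b := append([]byte(fmt.Sprintf("%020d", s.Epoch)), s.PrevHash[:]...)
	return append(b, s.Root...)
}
func (s *STR) Hash() [32]byte { return sha256.Sum256(append(s.body(), s.Sig...)) }

// SignSTR plays the directory's role so the example has STRs to audit.
func SignSTR(priv ed25519.PrivateKey, epoch uint64, prev [32]byte, root []byte) *STR {
	s := &STR{Epoch: epoch, PrevHash: prev, Root: root}
	s.Sig = ed25519.Sign(priv, s.body())
	return s
}

// Auditor holds the pinned signing key and the last verified STR (pinned at start).
// Audit accepts next only if the pinned key signed it and it extends Latest.
type Auditor struct {
	Key    ed25519.PublicKey
	Latest *STR
}

func (a *Auditor) Audit(next *STR) error {
	if !ed25519.Verify(a.Key, next.body(), next.Sig) {
		return fmt.Errorf("STR(%d): signature does not match pinned key", next.Epoch)
	}
	if next.Epoch != a.Latest.Epoch+1 || next.PrevHash != a.Latest.Hash() {
		return fmt.Errorf("STR(%d) does not extend STR(%d)", next.Epoch, a.Latest.Epoch)
	}
	a.Latest = next
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	a := &Auditor{Key: pub, Latest: SignSTR(priv, 0, [32]byte{}, []byte("root0"))}
	fmt.Println(a.Audit(SignSTR(priv, 1, a.Latest.Hash(), []byte("root1"))))
}
```

Because `Latest` only advances on success, a rejected STR leaves the auditor at its last verified epoch, so a later valid STR for the next epoch is still accepted.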