design: run our own transparency log
This project uses an elegant hack on top of the existing certificate transparency infrastructure. This hack gets us a number of useful things:
- Production quality log servers (list)
- Third-party indexing servers (crt.sh, Google)
- Browser compatibility for user exploration
- A lot less code to maintain!!
However, it is a hack and there are some potential downsides:
- We may hit rate limits of Let's Encrypt
- Indexing is limited to what can be shoved into a domain
- No metadata besides the domain can be included
For these reasons the project may consider creating a frontend for Trillian which would potentially work around these disadvantages. Though, it would introduce a new one: we would need to potentially convince other people to run logs.
To overcome this challenge I think we should continue to use the hack in rget until we hit some arbitrary and impressive sounding milestones.
- 20 large projects (over 1000 stars on GitHub) using the service
- 5 releases created 2019-08-01 or later from each of those projects registered
- 60 downloads an hour as measured by TLS connections to recorder.merklecounty.com (see chart)
Please discuss all Trillian frontend related ideas on this issue.
Wrote a design doc on this. I think it is clear there is utility for rget, but supporting arbitrary URLs is a critical feature, and to do that we have to get rid of the SHA256SUMS + Let’s Encrypt cert hack.