design: domain delegation to a transparency log

Question

design: domain delegation to a transparency log

Closed this issue 4 years ago · 1 comments

Federation of logs will be important to ensure resilience. My best idea is that binary transparency clients, like btget, will use a default log like binary.transparencylog.net but a domain can delegate to another log via a well-known pointer.

The basic document will be something like https://example.com/.well-known/binary-transparency which will present a JSON document like:

[
{version: 1, delegatedLog: “https://btlog.example.com”}
]

TODO

Prototype well-known protocol in btget to use a different URL
CNAME binary.transparencylog.net to a test domain to test delegation redirect
Submit a rfc5785 registration request
Implement allowed domain filtering in the server
Write delegation document for site operators

Answer 1 · 2020-08-06T17:53:40.000Z

There are a number of issues with federation that this issue doesn’t encapsulate. I am going to close this for now.

A different direction might be scale reads via proxies running under different domains that optionally cross sign the notes and provide proofs for particular URLs to keep tile size down for light clients.