design: domain delegation to a transparency log

[philips]

Federation of logs will be important to ensure resilience. My best idea is that binary transparency clients, like btget, will use a default log like binary.transparencylog.net but a domain can delegate to another log via a well-known pointer.

The basic document will be something like https://example.com/.well-known/binary-transparency which will present a JSON document like:

[
{version: 1, delegatedLog: “https://btlog.example.com”}
]

TODO

• Prototype well-known protocol in btget to use a different URL
• CNAME binary.transparencylog.net to a test domain to test delegation redirect
• Submit a rfc5785 registration request
• Implement allowed domain filtering in the server
• Write delegation document for site operators

[philips]

There are a number of issues with federation that this issue doesn’t encapsulate. I am going to close this for now.

A different direction might be scale reads via proxies running under different domains that optionally cross sign the notes and provide proofs for particular URLs to keep tile size down for light clients.