5.3. Monitor

Monitors watch logs and check that they behave correctly. They also watch for certificates of interest.

A monitor needs to, at least, inspect every new entry in each log it watches. It may also want to keep copies of entire logs. In order to do this, it should follow these steps for each log:

  1. Fetch the current STH (Section 4.3).

  2. Verify the STH signature.

  3. Fetch all the entries in the tree corresponding to the STH (Section 4.6).

  4. Confirm that the tree made from the fetched entries produces the same hash as that in the STH.

  5. Fetch the current STH (Section 4.3). Repeat until the STH changes.

  6. Verify the STH signature.

  7. Fetch all the new entries in the tree corresponding to the STH (Section 4.6). If they remain unavailable for an extended period, then this should be viewed as misbehavior on the part of the log.

  8. Either:

    1. Verify that the updated list of all entries generates a tree with the same hash as the new STH.

    Or, if it is not keeping all log entries:

    1. Fetch a consistency proof for the new STH with the previous STH (Section 4.4).

    2. Verify the consistency proof.

    3. Verify that the new entries generate the corresponding elements in the consistency proof.

  9. Go to Step 5.