Skip to main content

5.4. Auditor

5.4. Auditor

Auditors take partial information about a log as input and verify that this information is consistent with other partial information they have. An auditor might be an integral component of a TLS client; it might be a standalone service; or it might be a secondary function of a monitor.

Any pair of STHs from the same log can be verified by requesting a consistency proof (Section 4.4).

A certificate accompanied by an SCT can be verified against any STH dated after the SCT timestamp + the Maximum Merge Delay by requesting a Merkle audit proof (Section 4.5).

Auditors can fetch STHs from time to time of their own accord, of course (Section 4.3).

Last updated on