merklecounty / rget

download URLs and verify the contents against a publicly recorded cryptographic log
https://merklecounty.com
Apache License 2.0

design: run our own transparency log #10

Open philips opened 5 years ago

philips commented 5 years ago

This project uses an elegant hack on top of the existing certificate transparency infrastructure. This hack gets us a number of useful things:

However, it is a hack and there are some potential downsides:

For these reasons the project may consider creating a frontend for Trillian which would potentially work around these disadvantages. Though, it would introduce a new one: we would need to potentially convince other people to run logs.

To overcome this challenge I think we should continue to use the hack in rget until we hit some arbitrary and impressive sounding milestones.

  1. 20 large projects (over 1000 stars on GitHub) using the service
  2. 5 releases created 2019-08-01 or later from each of those projects registered
  3. 60 downloads an hour as measured by TLS connections to recorder.merklecounty.com (see chart)

Please discuss all Trillian frontend related ideas on this issue.

philips commented 4 years ago

Wrote a design doc on this. I think it is clear there is utility for rget but supporting arbitrary URLs is a critical feature and to do that we have to get rid of the SHA256SUMS + Let’s Encrypt cert hack.