Public repository support for Audit Proofs
slawlor opened this issue · comments
Sean Lawlor commented
In order to support both public auditing and a generated signature over root hashes by a hosted auditing pool (#125) we need to be able to host audit proofs in some public repository for consumption by any third party auditor should they see fit.
Requirements
- Store roots for all epochs to allow audits between arbitrary epochs (#209)
- Audit proofs support serialization in a backwards compatible format (e.g. protobuf)
- A new tool needs to be created to retrieve said audit proofs from some public storage, verify them, and emit the previous & new root hashes to verify against local versions
- We are going to start with S3 as the storage medium, since it's a well known standard blob storage
- Will build command-line app to support download and verifying the audit proofs (which will be a new crate having a dependency on the
akd
crate) - (future) Eventually support a QR code generation say in a web page after verification which can be verified in the client application(s)
Sean Lawlor commented
Items checked assuming draft PR passes