There are already some logs pending inclusion in Chrome which only accept certificates with an expiration date in a certain range, e.g. ct.googleapis.com/logs/argon2018 only accepting certificates expiring in 2018.
We should anticipate and prepare for other types of constraints which may be specified in the future so we don't risk having to deprecate additional variables in CTLogInfo.
I suggest we implement this as follows:
- Create a package certificatetransparency.acceptancerules
- Create an interface in this package as follows
- Create a class ExpirationDateAcceptanceRule implementing CtLogAcceptanceRule
- Associate a List<CtLogAcceptanceRule> with each CTLogInfo object. We should publish the certificate C to the CT log L iff logAcceptsCertificate(L, C) returns true
- Add GUI code to editctlog.jsp which allows the user to enable an expiration date acceptance rule based on a start and end date.
No upgrade procedure needed. If nothing has been specified, a log will hold an empty list (null) of rules, and will always be contacted.
We should also mention this feature in the documentation (adminguide.xml).
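
A sketch of the rule list described above, added here as an example and not taken from the project's code. The method name `accepts`, the helper class `CtLogAcceptance`, the half-open expiry interval, and passing the rule list directly instead of the CTLogInfo object are all assumptions.

```java
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;

// Hypothetical shape of the rule interface; the method name is an assumption.
interface CtLogAcceptanceRule {
    boolean accepts(X509Certificate certificate);
}

// Accepts certificates whose notAfter lies in [notAfterStart, notAfterEnd).
final class ExpirationDateAcceptanceRule implements CtLogAcceptanceRule {
    private final Date notAfterStart; // inclusive
    private final Date notAfterEnd;   // exclusive (assumed half-open interval)

    ExpirationDateAcceptanceRule(Date notAfterStart, Date notAfterEnd) {
        if (!notAfterStart.before(notAfterEnd)) {
            throw new IllegalArgumentException("start must be before end");
        }
        // Defensive copies: java.util.Date is mutable.
        this.notAfterStart = new Date(notAfterStart.getTime());
        this.notAfterEnd = new Date(notAfterEnd.getTime());
    }

    @Override
    public boolean accepts(X509Certificate certificate) {
        Date notAfter = certificate.getNotAfter();
        return !notAfter.before(notAfterStart) && notAfter.before(notAfterEnd);
    }
}

final class CtLogAcceptance {
    private CtLogAcceptance() {}

    // 'rules' is the list held by the log. Null or empty means no constraints,
    // so the log is always contacted (this is why no upgrade step is needed).
    static boolean logAcceptsCertificate(List<CtLogAcceptanceRule> rules,
                                         X509Certificate certificate) {
        if (rules == null || rules.isEmpty()) {
            return true;
        }
        // Every configured rule must accept; one rejection skips the log.
        for (CtLogAcceptanceRule rule : rules) {
            if (!rule.accepts(certificate)) {
                return false;
            }
        }
        return true;
    }
}
```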