The following are assumed to already exist:
- A webserver W with high availability, and strongly hardened. A second server C for holding a private key for signing, only communicating with W
- A tlsnotary browser addon installable by any user on Linux/MacOS/Win with a single toolbar button ('audit button'); configured to use W as auditor without additional setup or configuration, and knowing C's public key.