You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ratify presently doesn't differentiate between types, and we used to just set it as ca type as default. As we already have users use signingAuthority instead of ca type, we should provide support soon. And we also need to support tsa for tsa signature.
What would you like to be added?
Notation spec supports 3 trust store types: ca, tsa and signingAuthority: https://github.com/notaryproject/specifications/blob/main/specs/trust-store-trust-policy.md#trust-policy-properties
Ratify presently doesn't differentiate between types, and we used to just set it as
ca
type as default. As we already have users usesigningAuthority
instead ofca
type, we should provide support soon. And we also need to supporttsa
for tsa signature.There are a few places to be updated:
GetCertificates
implementation: https://github.com/deislabs/ratify/blob/main/pkg/verifier/notation/truststore.go#L43verificationCertStores
to includetrustStoreType
: https://github.com/deislabs/ratify/blob/main/pkg/verifier/notation/notation.go#L60And if we want to make it backward compatible, the implementation should support both old and new CRs.
Anything else you would like to add?
No response
Are you willing to submit PRs to contribute to this feature?
The text was updated successfully, but these errors were encountered: