Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Notary Project timestamped signature #1222

Closed
1 task
yizha1 opened this issue Dec 15, 2023 · 2 comments · Fixed by #1758
Closed
1 task

Add support for Notary Project timestamped signature #1222

yizha1 opened this issue Dec 15, 2023 · 2 comments · Fixed by #1758
Assignees
@junczhu
Labels
enhancement New feature or request
Milestone
v1.3.0

Comments

@yizha1
Copy link
Collaborator

yizha1 commented Dec 15, 2023

What would you like to be added?

Time-stamping (https://www.rfc-editor.org/rfc/rfc3161) extends the trust of signature beyond the validity period of a certificate. If a container image was signed before the expiry of corresponding certificate, with the support of Time-stamping, the authenticity and integrity of the image can still be ensured. Without the support of Time-stamping, if the certificate expires, the verification will fail. Signer can re-sign the image with new key/certificate, however this will cause usability issues and waste of resource since it is not necessary.

This issue is to ask for the support for Notary Project timestamped signature.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

  • Yes, I am willing to implement it.
@yizha1 yizha1 added enhancement New feature or request triage Needs investigation labels Dec 15, 2023
@susanshi susanshi added this to the Future milestone Dec 19, 2023
@susanshi susanshi removed the triage Needs investigation label Dec 21, 2023
@junczhu junczhu self-assigned this Jan 2, 2024
@yizha1
Copy link
Collaborator Author

yizha1 commented Mar 19, 2024

@susanshi I would suggest planning this issue for v1.3.0

@susanshi susanshi modified the milestones: Future, v1.3.0 May 23, 2024
@junczhu junczhu mentioned this issue Aug 10, 2024
Merged
13 tasks
@junczhu junczhu mentioned this issue Aug 29, 2024
Merged
12 tasks
@junczhu
Copy link
Collaborator

junczhu commented Aug 29, 2024

Todos:

  • improve test coverage
  • update all related default configs in the repo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@junczhu junczhu

Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.3.0
Development

Successfully merging a pull request may close this issue.

feat: timestamping feature ratify-project/ratify
3 participants
@susanshi @junczhu @yizha1