Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Choose a more specific name than "signing-spec" #16

Closed
lukpueh opened this issue Feb 4, 2021 · 12 comments · Fixed by #37
Closed

Choose a more specific name than "signing-spec" #16

lukpueh opened this issue Feb 4, 2021 · 12 comments · Fixed by #37
Milestone
signing-spec v1.0

Comments

@lukpueh
Copy link
Member

lukpueh commented Feb 4, 2021

"signing-spec" is a generic working title for this repo/project/specification. It should be replaced by something more specific.

Side-goal courtesy of @MarkLodato: Ideally the new name is easy to search for.

See #1 - What is secure-systems-lab/signing-spec? for context.
@lukpueh lukpueh mentioned this issue Feb 4, 2021
Closed
@adityasaky
Copy link
Member

It's probably past time to kickstart this. Does anyone have any thoughts on what we can name this spec? Any initial leads we could iterate over?

@TomHennen
Copy link
Collaborator

Some random thoughts:

JSON Artifact Envelope - JAE - Not great because it's not actually an envelope for artifacts.
involucrum - Latin for envelope. Using Latin to play off of in-toto. Probably pretty awkward to say.
JSON Signed Envelope - JSE
in-toto Attestation Envelope - IAE (maybe we don't want to reference in-toto?)

@MarkLodato
Copy link
Collaborator

MarkLodato commented Apr 14, 2021
edited
Loading

More ideas:

  • "envelope" or "signature" in another language.
  • "Foolproof Signed Envelope"
  • "Dead Simple Signed Envelope", pronounced "dissy"

Edit: or use "message" instead of "envelope"

@adityasaky
Copy link
Member

I like Dead Simple Signed Envelope! I was considering options along the lines of "Lightweight", but I think this may be crisper.

@MarkLodato
Copy link
Collaborator

Another option that is more descriptive:

  • "Signed Type-Identified Message" (STIM)
  • "Signed Message with Authenticated Type" (SMAT)
  • or similar

If we think about the advantages of this spec over others, the main thing is that it authenticates the type in addition to the message. The only other spec that provides that is JWS (via typ), but that spec is super complicated and error-prone.

@MarkLodato MarkLodato mentioned this issue Apr 16, 2021
Closed
@TomHennen
Copy link
Collaborator

Type Authenticated Cryptographic Object - TACO

🌮

@MarkLodato
Copy link
Collaborator

Oh man, I love it! Too bad the name is overly broad!

@MarkLodato
Copy link
Collaborator

tamale: Type And Message Authenticated in a Lightweight Envelope

@adityasaky adityasaky added this to the signing-spec v1.0 milestone Apr 19, 2021
@trishankatdatadog
Copy link
Collaborator

I vote DSSE

@adityasaky adityasaky mentioned this issue May 3, 2021
Merged
1 task
@MarkLodato
Copy link
Collaborator

I have a slight preference for tamale but am fine with DSSE.

Any more votes?

I suggest that we go with DSSE unless we hear any dissenting opinions within the next few days.

@TomHennen
Copy link
Collaborator

TomHennen commented Jun 4, 2021 via email

@adityasaky
Copy link
Member

I'm fine with either as well.

@MarkLodato MarkLodato mentioned this issue Jun 4, 2021
Closed
MarkLodato added a commit to MarkLodato/dsse that referenced this issue Jun 4, 2021
@MarkLodato
Rename signing-spec to DSSE (secure-systems-lab#16)
1fecce3 
The name is now Dead Simple Signing Envelope.
@MarkLodato MarkLodato mentioned this issue Jun 4, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
signing-spec v1.0
Development

Successfully merging a pull request may close this issue.

Rename to DSSE, update PAE, mark as v1 MarkLodato/dsse
5 participants
@MarkLodato @lukpueh @TomHennen @adityasaky @trishankatdatadog