Update SET docs for timestamping

SETs serve two purposes: The promise of inclusion, and a signed timestamp from Rekor. We've moved towards requiring inclusion proofs, but SETs are still needed if no TSA timestamp is provided. This doc update clarifies that. Signed-off-by: Hayden Blauzvern <[email protected]>
sigstore · Jul 26, 2023 · 04b784c · 04b784c
1 parent fbc54ae
commit 04b784c
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 17 deletions.
diff --git a/gen/pb-go/bundle/v1/sigstore_bundle.pb.go b/gen/pb-go/bundle/v1/sigstore_bundle.pb.go
diff --git a/gen/pb-go/rekor/v1/sigstore_rekor.pb.go b/gen/pb-go/rekor/v1/sigstore_rekor.pb.go
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
diff --git a/gen/pb-typescript/src/__generated__/sigstore_bundle.ts b/gen/pb-typescript/src/__generated__/sigstore_bundle.ts
diff --git a/gen/pb-typescript/src/__generated__/sigstore_rekor.ts b/gen/pb-typescript/src/__generated__/sigstore_rekor.ts
diff --git a/protos/sigstore_bundle.proto b/protos/sigstore_bundle.proto
@@ -54,16 +54,16 @@ message VerificationMaterial {
                 dev.sigstore.common.v1.PublicKeyIdentifier public_key = 1 [(google.api.field_behavior) = REQUIRED];
                 dev.sigstore.common.v1.X509CertificateChain x509_certificate_chain = 2 [(google.api.field_behavior) = REQUIRED];
         }
-        // This is the inclusion proof, where the timestamp is coming from
-        // the transparency log.
+        // An inclusion proof and an optional signed timestamp from the log.
         // Client verification libraries MAY provide an option to support v0.1
         // bundles for backwards compatibility, which may contain an inclusion
         // promise and not an inclusion proof. In this case, the client MUST
         // validate the promise.
         // Verifiers SHOULD NOT allow v0.1 bundles if they're used in an
         // ecosystem which never produced them.
         repeated dev.sigstore.rekor.v1.TransparencyLogEntry tlog_entries = 3;
-        // Timestamp verification data, over the artifact's signature.
+        // Timestamp may also come from
+        //tlog_entries.inclusion_promise.signed_entry_timestamp.
         TimestampVerificationData timestamp_verification_data = 4;
 }
 

diff --git a/protos/sigstore_rekor.proto b/protos/sigstore_rekor.proto
@@ -103,6 +103,7 @@ message TransparencyLogEntry {
         // The inclusion promise/signed entry timestamp from the log.
         // Required for v0.1 bundles, and MUST be verified.
         // Optional for >= v0.2 bundles, and SHOULD be verified when present.
+        // Also may be used as a signed timestamp.
         InclusionPromise inclusion_promise = 5;
         // The inclusion proof can be used for offline or online verification
         // that the entry was appended to the log, and that the log has not been