Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify hash algorithm and signature algorithm for a transparency log. #7

Closed
kommendorkapten opened this issue Nov 3, 2022 · 2 comments
Closed

Specify hash algorithm and signature algorithm for a transparency log. #7

kommendorkapten opened this issue Nov 3, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@kommendorkapten
Copy link
Member

Description

The current bundle format does not capture the hash algorithms used by the log. This is called out in this comment sigstore/cosign#2204 (comment).

The information on hash and signature algorithm are now proposed to be part of the transparency log parameters used for verification per this PR: https://github.com/sigstore/protobuf-specs/pull/5/files#diff-b1f89b7fd3eb27b519380b092a2416f893a96fbba3f8c90cfa767e7687383ad4R31

My proposal is to omit this data from the bundle, and only capture it in the tlog parameters.
@kommendorkapten kommendorkapten added the enhancement New feature or request label Nov 3, 2022
@kommendorkapten kommendorkapten mentioned this issue Nov 8, 2022
Open
@znewman01
Copy link
Contributor

Anything left to do here?

@kommendorkapten
Copy link
Member Author

It's captured now in the TransparencyLogInstance:

protobuf-specs/protos/sigstore_trustroot.proto

Line 31 in a09e324

message TransparencyLogInstance {

So let's close this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@znewman01 @kommendorkapten