-
Chain validation steps:
1. Validate received chain using trust store. Result OK.
2. Try to download intermediate certs using AIA extension info, validate. Show warning/error.
3. Invalid chain. Show e…
-
### What is not working as expected?
Use `notation verify` command to verify an image signed with a CA issued certificate. The certificate chain contains intermediate CA certificate and root CA cer…
-
### What version of gRPC and what language are you using?
Version: 1.15.0
Language: cpp
### What operating system (Linux, Windows,...) and version?
"Ubuntu 22.04.2 LTS"
### What ru…
-
## RPC endpoints for light clients
A light client protocol can verify the correctness of any data it receives about the Aptos block chain without making trust assumptions on the provider of that da…
-
### Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1912
### Original Reporter: KristinaYasuda
The entire OpenID Connect Federation specification is written under the…
-
**Description**
Support for uploading a certificate chain, not just a leaf certificate, was added awhile ago (https://github.com/sigstore/rekor/pull/747). I don't recall if there was a specific…
-
There seem to be several mechanisms for issuer key validation (section 3.5).
Two mechanisms define fetching of keys (issuer metadata, DID), and one can be embedded or referenced (x509).
Would it…
-
https://news.ycombinator.com/item?id=19167585 points out that there may be legitimate times where you want to avoid O(N^2) verifications between a set of users - e.g. verifying people in a physically …
ara4n updated
1 month ago
-
When using shinycannon against a https URL with a valid trust chain of certificates recognised by major webbrowsers (in this case involving TERENA SSL CA 3 and DigiCert Assured ID Root CA, which do no…
-
**Is your feature request related to a problem? Please describe.**
**Describe the solution you'd like**
Github recently allowed a new feature to publish the npm package provenance data linked to…