Clairified that a DSSE envelope in a sigstore bundle MUST have exactly one signature

sigstore / protobuf-specs

Protocol Buffer specifications

Apache License 2.0

23 stars 29 forks source link

Clairified that a DSSE envelope in a sigstore bundle MUST have exactly one signature #318

Closed kommendorkapten closed 4 months ago

kommendorkapten commented 4 months ago

Summary

As discussed on sig-clients 2024-05-07, a DSSE envelope in a Sigstore bundle MUST have exactly one signature, and during verification this must be checked.

Closes https://github.com/sigstore/sig-clients/issues/14

Release Note

Clarified that DSSE envelope must have exactly one signature.

Documentation

N/A