sigstore / protobuf-specs

Protocol Buffer specifications
Apache License 2.0

sigstore_rekor: clarify inclusion_promise requirement #380

Closed woodruffw closed 3 months ago

woodruffw commented 3 months ago

This clarifies the (expected) requirements around inclusion_promise slightly. In particular, it clarifies that inclusion_promise is optional if and only if another source of signed time is present. If no other source of signed time is present, then an inclusion_promise is required and MUST be verified.

For cross-referencing, this is the part of the Client spec that suggests this behavior:

Timestamping. Currently, the Transparency Service includes a timestamp in its response to the Signer. This timestamp comes from the Transparency Service’s internal clock, which is not externally verifiable or immutable. For this reason, a Signer SHOULD get their signatures timestamped. However, a Signer MAY choose to omit the timestamping step; in this case, the Signer MUST use the Transparency Service to provide a timestamp for the signature.

(NB: Like the other requirements on bundle formats/required fields, this requirement is for short-lived certificate instances of Sigstore, like the Public Good Instance. CC @haydentherapper for thoughts on if/how this can be better communicated -- I'm happy to add additional language here or in the sigstore_bundle.proto file!)
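A verifier-side check for the rule this PR describes, as an added example (not code from sigstore/protobuf-specs or from woodruffw): a bundle's inclusion_promise may be skipped only when another source of signed time is present; otherwise it is required and must verify. The bundle is modelled as a plain dict using the protobuf field names from sigstore_bundle.proto (tlog_entries, inclusion_promise, timestamp_verification_data, rfc3161_timestamps, signed_timestamp); the actual signature checks are delegated to caller-supplied callbacks, which are an assumption here.

```python
from typing import Callable, Optional

# Constructed sample bundles (not real Sigstore data); only the fields the
# rule depends on are modelled.
BUNDLE_PROMISE_ONLY = {
    "tlog_entries": [{"log_index": 1,
                      "inclusion_promise": {"signed_entry_timestamp": b"constructed"}}]
}
BUNDLE_TSA_ONLY = {
    "tlog_entries": [{"log_index": 1}],  # no inclusion_promise
    "timestamp_verification_data": {
        "rfc3161_timestamps": [{"signed_timestamp": b"constructed"}]},
}
BUNDLE_NO_SIGNED_TIME = {"tlog_entries": [{"log_index": 1}]}


def check_signed_time(verification_material: dict,
                      verify_promise: Callable[[dict], bool],
                      verify_rfc3161: Callable[[dict], bool]) -> str:
    """Return the source of signed time that verified, or raise ValueError.

    RFC 3161 timestamps from a TSA count as "another source of signed time";
    when none is present the Rekor inclusion_promise (SET) becomes mandatory
    and every promise in the bundle must verify.
    """
    tsd = verification_material.get("timestamp_verification_data") or {}
    stamps = tsd.get("rfc3161_timestamps") or []
    if stamps:
        if any(verify_rfc3161(s) for s in stamps):
            return "rfc3161"
        raise ValueError("RFC 3161 timestamp present but failed verification")
    # No other source of signed time: the inclusion promise is required.
    promises = [e["inclusion_promise"]
                for e in verification_material.get("tlog_entries") or []
                if e.get("inclusion_promise")]
    if not promises:
        raise ValueError("inclusion_promise is required when no other "
                         "source of signed time is present")
    if not all(verify_promise(p) for p in promises):
        raise ValueError("inclusion_promise failed verification")
    return "inclusion_promise"


def accepted_source(verification_material: dict,
                    verify_promise: Callable[[dict], bool],
                    verify_rfc3161: Callable[[dict], bool]) -> Optional[str]:
    """Convenience wrapper: the verified source name, or None if rejected."""
    try:
        return check_signed_time(verification_material, verify_promise, verify_rfc3161)
    except ValueError:
        return None
```

In a real verifier the two callbacks would check the SET against the Rekor log's public key and the RFC 3161 token against the TSA certificate chain; here they are stubbed so the policy logic can be exercised on its own.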