sigstore / sigstore-go

Go library for Sigstore signing and verification
Apache License 2.0

Include skipped signatures in VerificationResult #48

Open haydentherapper opened 9 months ago

haydentherapper commented 9 months ago

Description

https://github.com/sigstore/sigstore-go/pull/47 and https://github.com/sigstore/sigstore-go/pull/45 introduce skipping log and TSA signatures respectively that the trust bundle cannot verify. This information is not passed back to the verifier, the signatures are just silently skipped over.

We can update VerificationResults to pass this information back, which could be helpful for debugging that the bundle contains the expected trust root material.

haydentherapper commented 8 months ago

We might also want to split out parsing errors from verification errors. For example, for timestamp verification, we will skip a timestamp either if it is an invalid RFC3161 structure or if verification fails.

haydentherapper commented 1 week ago

At the sigstore-go meeting, we discussed that VerificationResult currently contains metadata that is verified. @phillmv pointed out that this struct could be passed to a policy controller for further evaluation. Adding a field like UnverifiedResults into this struct might mislead verifiers.
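As an added illustration of the two points raised in this thread (separating parse failures from verification failures, and keeping unverified material out of the fields a policy consumer reads), the following Go snippet sketches one possible shape for such a result. It is example code, not sigstore-go's API: every type here (`Result`, `SkippedSignature`, `SkipReason`, `rawTimestamp`, `checkTimestamp`) is hypothetical, and the timestamp checker is a stub that only simulates the parse-then-verify ordering.

```go
package main

import (
	"errors"
	"fmt"
)

// SkipReason classifies why a signature was not counted as verified.
// Hypothetical type for illustration; not part of sigstore-go.
type SkipReason string

const (
	SkipParseError        SkipReason = "parse-error"        // malformed structure (e.g. invalid RFC 3161 token)
	SkipVerificationError SkipReason = "verification-error" // well-formed but not verifiable with the trusted root
)

// SkippedSignature records one signature that was passed over and why.
type SkippedSignature struct {
	Kind   string // "tlog" or "tsa"
	Index  int    // position of the entry in the bundle
	Reason SkipReason
	Err    error
}

// Result keeps verified material separate from skipped entries, so a
// consumer that reads only the Verified* fields sees verified data only.
type Result struct {
	VerifiedTimestamps int
	Skipped            []SkippedSignature
}

// Hypothetical sentinel errors returned by the stubbed checker below.
var (
	ErrParse  = errors.New("malformed timestamp token")
	ErrVerify = errors.New("timestamp not signed by a trusted TSA")
)

// rawTimestamp is a constructed stand-in for a bundle's RFC 3161 entry.
type rawTimestamp struct {
	WellFormed bool // would the token parse as RFC 3161?
	TrustedKey bool // would it verify against the trusted root?
}

// checkTimestamp simulates parse-then-verify: a parse failure is reported
// before any verification is attempted, so the two never get conflated.
func checkTimestamp(ts rawTimestamp) error {
	if !ts.WellFormed {
		return ErrParse
	}
	if !ts.TrustedKey {
		return ErrVerify
	}
	return nil
}

// VerifyTimestamps walks each entry, counts the verified ones, and records
// every skip with a reason derived from the error class rather than dropping it.
func VerifyTimestamps(entries []rawTimestamp) Result {
	var r Result
	for i, ts := range entries {
		err := checkTimestamp(ts)
		switch {
		case err == nil:
			r.VerifiedTimestamps++
		case errors.Is(err, ErrParse):
			r.Skipped = append(r.Skipped, SkippedSignature{Kind: "tsa", Index: i, Reason: SkipParseError, Err: err})
		default:
			r.Skipped = append(r.Skipped, SkippedSignature{Kind: "tsa", Index: i, Reason: SkipVerificationError, Err: err})
		}
	}
	return r
}

func main() {
	// Constructed sample: one good entry, one malformed, one signed by an unknown TSA.
	sample := []rawTimestamp{{true, true}, {false, false}, {true, false}}
	res := VerifyTimestamps(sample)
	fmt.Printf("verified=%d skipped=%d\n", res.VerifiedTimestamps, len(res.Skipped))
	for _, s := range res.Skipped {
		fmt.Printf("  %s[%d]: %s (%v)\n", s.Kind, s.Index, s.Reason, s.Err)
	}
}
```

The design choice worth noting is that the skip list is a sibling of the verified counters rather than a field mixed into the verified metadata: a policy engine consuming `VerifiedTimestamps` cannot mistake a skipped entry for a verified one, while a debugger still gets the per-entry reason needed to tell "bundle is malformed" from "trust root is missing the expected TSA".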