Open vembacher opened 11 months ago
haydentherapper
commented
11 months ago Checkpoint format comes from https://github.com/sigstore/rekor/blob/main/pkg/util/checkpoint.go. It's Go's SumbDB note format (https://pkg.go.dev/golang.org/x/mod/sumdb/note) with a timestamp in OtherContent.
vembacher
commented
11 months ago Checkpoint format comes from https://github.com/sigstore/rekor/blob/main/pkg/util/checkpoint.go. It's Go's SumbDB note format (https://pkg.go.dev/golang.org/x/mod/sumdb/note) with a timestamp in OtherContent.
Thanks! I was not sure if there was another specification I did not find. I used the Go code as the reference implementation.
gaetanww
commented
4 months ago I'm also interested in supporting inclusion proofs, do you need help to get this over the line?
haydentherapper
commented
4 months ago cc @woodruffw @jleightcap - I think y'all have begun looking at supporting inclusion proof?
tnytown
commented
4 months ago Speaking for the @trailofbits delegation: I don't think we've gotten around to integrating inclusion proofs yet. I was planning on taking a look at the implementation in #285 once the dust settles on bundles (#326 and #311).
gaetanww
commented
4 months ago I tried the implementation in #285 today and there's a problem with it, see my comment. Happy to add a commit if you agree with the fix.
Summary
I would like to see support for inclusion/consistency proofs and checkpoints/STH.
Also related: #274
Reasoning
Implementation
I'm willing to implement this feature, I have already implemented it in another (non-public) crate so I can just port it to this crate. However, I want to discuss some minor details on how to do it first:
cryptomodule that is not be part of the public API.