Closed tnytown closed 1 week ago
This is ready for review, but we should get #311 in first.
CC @flavio, please take a look at this one after #311; the pertinent changes are at https://github.com/sigstore/sigstore-rs/pull/326/commits/c9ad592d3af61df42149c06bdda0e076c346ceab :)
@tnytown is this one ready to be reviewed?
Yes, thanks for the ping @flavio!
@flavio gentle ping on this PR :)
LGTM, I left two minor suggestions.
@flavio I applied the changes, thanks! Let me know if there's anything else you need.
I think it’s all good. Can you file some issues to keep track of the few TODOs that are left?
Blocked on #311.
Summary
Adds Signed Certificate Timestamp verification and hooks it up to the bundle signing flow. SCT verification ensures that the signing certificate in a given operation has been submitted to the Certificate Transparency log, which aids in the detection of malicious certificates and keeps Certificate Authorities like Fulcio honest.
Release Note
Documentation
No user-facing documentation needed, we automatically perform SCT validation when public `sign` and `verify` APIs are used.
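To make concrete what SCT verification checks, here is an added example (not code from this PR or from sigstore-rs) that parses one RFC 6962 v1 SCT and rebuilds the bytes the CT log signed for a precertificate entry. The names `Sct`, `parse_sct` and `precert_signed_data` are hypothetical, and `tbs` is assumed to be the DER TBSCertificate with the SCT list extension already removed. The final step, checking `signature` over these bytes with the log's public key, needs a crypto crate and is left out.

```rust
use std::convert::TryInto;
/// One RFC 6962 v1 SignedCertificateTimestamp, as carried in a certificate's SCT list.
pub struct Sct {
    pub log_id: [u8; 32],  // SHA-256 of the log's public key
    pub timestamp_ms: u64,
    pub extensions: Vec<u8>,
    pub sig_algs: [u8; 2], // TLS HashAlgorithm, SignatureAlgorithm
    pub signature: Vec<u8>,
}

// Split `n` bytes off the front of `buf`; None on truncated input.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Option<&'a [u8]> {
    let whole: &'a [u8] = *buf;
    if whole.len() < n { return None; }
    let (head, tail) = whole.split_at(n);
    *buf = tail;
    Some(head)
}

// Read a TLS opaque<0..2^16-1> vector: 2-byte big-endian length, then the body.
fn take_vec16<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let len = take(buf, 2)?;
    take(buf, u16::from_be_bytes([len[0], len[1]]) as usize)
}

/// Parse one serialized SCT; rejects unknown versions, truncation and trailing bytes.
pub fn parse_sct(mut buf: &[u8]) -> Option<Sct> {
    if take(&mut buf, 1)?[0] != 0 { return None; } // only v1 (0) is defined
    let log_id: [u8; 32] = take(&mut buf, 32)?.try_into().ok()?;
    let timestamp_ms = u64::from_be_bytes(take(&mut buf, 8)?.try_into().ok()?);
    let extensions = take_vec16(&mut buf)?.to_vec();
    let sig_algs: [u8; 2] = take(&mut buf, 2)?.try_into().ok()?;
    let signature = take_vec16(&mut buf)?.to_vec();
    if !buf.is_empty() { return None; }
    Some(Sct { log_id, timestamp_ms, extensions, sig_algs, signature })
}

/// Bytes the log signed for a precertificate entry (RFC 6962 section 3.2).
pub fn precert_signed_data(sct: &Sct, issuer_key_hash: &[u8; 32], tbs: &[u8]) -> Option<Vec<u8>> {
    if tbs.len() >= 1 << 24 { return None; } // TBSCertificate length must fit in a uint24
    let mut out = vec![0u8, 0]; // sct_version v1, signature_type certificate_timestamp
    out.extend_from_slice(&sct.timestamp_ms.to_be_bytes());
    out.extend_from_slice(&[0, 1]); // entry_type precert_entry
    out.extend_from_slice(issuer_key_hash);
    out.extend_from_slice(&(tbs.len() as u32).to_be_bytes()[1..]); // uint24 length
    out.extend_from_slice(tbs);
    out.extend_from_slice(&(sct.extensions.len() as u16).to_be_bytes());
    out.extend_from_slice(&sct.extensions);
    Some(out)
}
```

A verifier would select the trusted log key by `log_id` and reject the certificate if no SCT's signature validates over these bytes.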