Delegate "validity" to signing key certificates

[deeglaze]

We should remove validity-map entirely. The validity of a signature is the purview of the PKI only. Validity without a signature is irrelevant.

[thomas-fossati]

Absent a way to revoke a certain CoRIM, we must have a mechanism to timebomb it.

That mechanism is the validity-map.

(Even if an explicit revocation mechanism existed, the timebomb is still a useful defense.)

[thomas-fossati]

Clarifying question: Is the proposal to require the supply chain to mint a one-shot, short-term certificate for every CoRIM?

[deeglaze]

Not necessarily every CoRIM, but perhaps with every CoRIM bundle created for a release, yes. This is common practice for code signing.

[deeglaze]

Alternatively, whatever notion of validity a profile wants can be added later. There really should be a core and extended form of CoRIM for all these bells and whistles.

[thomas-fossati]

Alternatively, whatever notion of validity a profile wants can be added later. There really should be a core and extended form of CoRIM for all these bells and whistles.

I think that the lifetime of the information asserted in a CoRIM is a basic feature and should be provided (at least in some crude form) by the base spec.

[deeglaze]

Okay, can we say this issue is to move validity-map and uses to a Lifetime management section to discuss its use? It seems there is no removing anything at this point, but we can at least give interpretations as meant by the default (DICE) profile.

[deeglaze]

I'm going to close this as a dupe for #236 given the change in direction.