-
Notifications
You must be signed in to change notification settings - Fork 544
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change the verify attestation implementation #1012
Comments
Cc @developer-guy @Dentrax what do you think? |
IIUC, we are currently unmarshal ing the predicate body to pass into validation steps, which we do not check the attestation header in current implementation. What we want to here is to validate the entire attestation in policy validation step? |
Yes, @dlorenc, it makes sense. Actually, in the beginning, we (w/@Dentrax) were aware of that, but we didn't think that this header might be a valuable thing to validate, so we didn't care about it much. Okay, then, we can pass the Attestation as a whole (body + header) to the validation steps and revise the logic according to that. Is it okay for you, too, @dlorenc? 😋 |
Yeah! I think that would be good. I went back and forth on this one too but I think being able to pass the entire thing directly into "cue vet" is the big win. |
Right now when using the verify-attestation command, only the predicate is passed to the verification policy. This is nice, but has a few issues:
The text was updated successfully, but these errors were encountered: