You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to figure out the log sharding strategy. The simplest approach is to follow what other public CAs do, a new log every year accessible from a unique URL. Let's name shards using the year - ctfe.sigstore.dev/2022, ctfe.sigstore.dev/2023, etc. The current log is accessible at ctfe.sigstore.dev/test, so it'd be good to exercise a sharding before GA.
Each year, the TUF targets will be updated by appending the new log key. Cosign already supports verifying an SCT using a set of public keys. The log URL is not referenced anywhere in code, so only log monitors would need to be made aware of a new log shard URL.
The text was updated successfully, but these errors were encountered:
Description
We need to figure out the log sharding strategy. The simplest approach is to follow what other public CAs do, a new log every year accessible from a unique URL. Let's name shards using the year - ctfe.sigstore.dev/2022, ctfe.sigstore.dev/2023, etc. The current log is accessible at ctfe.sigstore.dev/test, so it'd be good to exercise a sharding before GA.
Each year, the TUF targets will be updated by appending the new log key. Cosign already supports verifying an SCT using a set of public keys. The log URL is not referenced anywhere in code, so only log monitors would need to be made aware of a new log shard URL.
The text was updated successfully, but these errors were encountered: