Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log sharding strategy for Fulcio #510

Closed
haydentherapper opened this issue Apr 7, 2022 · 0 comments · Fixed by #514
Closed

Log sharding strategy for Fulcio #510

haydentherapper opened this issue Apr 7, 2022 · 0 comments · Fixed by #514
Labels
enhancement New feature or request

Comments

@haydentherapper
Copy link
Contributor

Description

We need to figure out the log sharding strategy. The simplest approach is to follow what other public CAs do, a new log every year accessible from a unique URL. Let's name shards using the year - ctfe.sigstore.dev/2022, ctfe.sigstore.dev/2023, etc. The current log is accessible at ctfe.sigstore.dev/test, so it'd be good to exercise a sharding before GA.

Each year, the TUF targets will be updated by appending the new log key. Cosign already supports verifying an SCT using a set of public keys. The log URL is not referenced anywhere in code, so only log monitors would need to be made aware of a new log shard URL.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add documentation for CT log haydentherapper/fulcio
1 participant
@haydentherapper