-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TAP for TUF developer key management #141
Commits on Jul 27, 2021
-
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 4b8ee68 - Browse repository at this point
Copy the full SHA 4b8ee68View commit details
Commits on Aug 12, 2021
-
[Fulcio TAP] Minor clarifications and corrections
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 7db2f6d - Browse repository at this point
Copy the full SHA 7db2f6dView commit details
Commits on Aug 19, 2021
-
[Fulcio TAP] Add links and clarifications
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 57f3476 - Browse repository at this point
Copy the full SHA 57f3476View commit details
Commits on Aug 31, 2021
-
Apply suggestions from code review
Co-authored-by: axel simon <github@axelsimon.net>
Configuration menu - View commit details
-
Copy full SHA for a509f6d - Browse repository at this point
Copy the full SHA a509f6dView commit details -
[Fulcio TAP] Generalize email to OIDC identity
Fulcio can use any OIDC identity. This changes the metadata format to reflect this. Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 5480134 - Browse repository at this point
Copy the full SHA 5480134View commit details
Commits on Sep 10, 2021
-
Add explicit recomendation to use auditors for the TL
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for c31cc6d - Browse repository at this point
Copy the full SHA c31cc6dView commit details -
Add OIDC compromise to security analysis
Also clarify that auditors may use TAP 3 multi-role delegations Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 07fc229 - Browse repository at this point
Copy the full SHA 07fc229View commit details
Commits on Nov 29, 2021
-
Clarify use of multi-role delegations
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 22c70e7 - Browse repository at this point
Copy the full SHA 22c70e7View commit details -
Apply suggestions from code review
adds consistent capitalization and some clarifications Co-authored-by: axel simon <git@axelsimon.net>
Configuration menu - View commit details
-
Copy full SHA for 5bbab5d - Browse repository at this point
Copy the full SHA 5bbab5dView commit details -
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 3f3a67a - Browse repository at this point
Copy the full SHA 3f3a67aView commit details
Commits on Nov 30, 2021
-
Update candidate-fulcio-tap.md
Co-authored-by: axel simon <git@axelsimon.net>
Configuration menu - View commit details
-
Copy full SHA for 1cb0ba6 - Browse repository at this point
Copy the full SHA 1cb0ba6View commit details
Commits on Dec 16, 2021
-
[Fulcio TAP] Add link to augmented reference implementation
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for f6f9312 - Browse repository at this point
Copy the full SHA f6f9312View commit details
Commits on Jan 10, 2022
-
[fulcio TAP] clarify auditor signatures and revocation
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 61f2cc9 - Browse repository at this point
Copy the full SHA 61f2cc9View commit details
Commits on Mar 22, 2022
-
Add clarifications about verification
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for e8e6111 - Browse repository at this point
Copy the full SHA e8e6111View commit details
Commits on Mar 30, 2022
-
Move Fulcio root cert to delegating metadata
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for c648977 - Browse repository at this point
Copy the full SHA c648977View commit details -
Add detail about verifying with Rekor
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for cbf1e06 - Browse repository at this point
Copy the full SHA cbf1e06View commit details -
Apply suggestions from code review
Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Configuration menu - View commit details
-
Copy full SHA for cc4d9a4 - Browse repository at this point
Copy the full SHA cc4d9a4View commit details
Commits on Apr 28, 2022
-
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for a680f56 - Browse repository at this point
Copy the full SHA a680f56View commit details
Commits on Jun 24, 2022
-
Clarify when Fulcio certs should be valid
Signed-off-by: Marina Moore <marina@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for eb50378 - Browse repository at this point
Copy the full SHA eb50378View commit details
Commits on Jul 26, 2022
-
[Fulcio TAP] Remove Rekor requirement
If certificates are uploaded while they are valid, the Rekor check is not needed. This commit also clarifies the tradeoffs for clients deciding whether to check Rekor directly. Signed-off-by: Marina Moore <marina@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for 4910aa0 - Browse repository at this point
Copy the full SHA 4910aa0View commit details
Commits on Jul 28, 2022
-
[Fulcio TAP] Update Fulcio details from code review
Signed-off-by: Marina Moore <marina@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for f8f252d - Browse repository at this point
Copy the full SHA f8f252dView commit details
Commits on Nov 1, 2022
-
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 4975dc5 - Browse repository at this point
Copy the full SHA 4975dc5View commit details
Commits on Nov 3, 2022
-
[Fulcio TAP] Simplify the explanation of signing and verifying
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9e8dbb3 - Browse repository at this point
Copy the full SHA 9e8dbb3View commit details -
[Fulcio TAP] Update signing and verification
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 50564bd - Browse repository at this point
Copy the full SHA 50564bdView commit details
Commits on Nov 4, 2022
-
Apply suggestions from code review
Co-authored-by: asraa <asraa@google.com> Signed-off-by: Marina Moore <mnm678@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 7b315fb - Browse repository at this point
Copy the full SHA 7b315fbView commit details -
Clarify use of single Fulcio instance
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ec67d7d - Browse repository at this point
Copy the full SHA ec67d7dView commit details -
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9893ba1 - Browse repository at this point
Copy the full SHA 9893ba1View commit details
Commits on Jan 13, 2023
-
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 13c5266 - Browse repository at this point
Copy the full SHA 13c5266View commit details
Commits on Jan 17, 2023
-
[Fulcio TAP] minor clarifications
Highlight that existing Sigstore tooling should be used Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for d7f086e - Browse repository at this point
Copy the full SHA d7f086eView commit details
Commits on Jan 27, 2023
-
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 033e544 - Browse repository at this point
Copy the full SHA 033e544View commit details -
Especially this: * generalized the "repository" * generalized the "developer" * fixes links Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8dda4e2 - Browse repository at this point
Copy the full SHA 8dda4e2View commit details
Commits on Feb 2, 2023
-
Apply suggestions from code review
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com> Signed-off-by: Marina Moore <mnm678@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 98f5d0f - Browse repository at this point
Copy the full SHA 98f5d0fView commit details -
clarifications based on code review
Signed-off-by: Marina Moore <mnm678@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8d60a51 - Browse repository at this point
Copy the full SHA 8d60a51View commit details