Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify SCTs #591

Closed
dlorenc opened this issue Aug 28, 2021 · 2 comments · Fixed by #600
Closed

Verify SCTs #591

dlorenc opened this issue Aug 28, 2021 · 2 comments · Fixed by #600
Assignees
@priyawadhwa

Comments

@dlorenc
Copy link
Member

dlorenc commented Aug 28, 2021

Fulcio now returns SCTs as a header: sigstore/fulcio#163

Let's verify those in cosign when getting a cert!
@dlorenc
Copy link
Member Author

dlorenc commented Aug 30, 2021

cc @priyawadhwa you were looking at this kind of right?

@priyawadhwa
Copy link
Contributor

Yah, this was the last thing we needed for bundling to be complete!

We can verify the SCT when we get it, add it to the bundle, and verify again whenever cosign verify gets run?

This was referenced Aug 31, 2021
Merged
Merged
@priyawadhwa priyawadhwa self-assigned this Aug 31, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@priyawadhwa priyawadhwa

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Verify SCTs returned by fulcio priyawadhwa/cosign
2 participants
@dlorenc @priyawadhwa