Return SCT when a cert is generated #119

priyawadhwa · 2021-06-15T20:44:38Z

We have this TODO to actually return the SCT when a cert is created:

Line 93 in 1046134

//TODO: return SCT and SCT URL

If we started doing this, we could use the SCT to verify the cert is in the CT log. This would be the final piece of validation for cosign bundling to be finished!

priyawadhwa · 2021-06-15T20:47:06Z

Not entirely sure if it would be OK to just change the API and return the SCT, right now we just return a string:

fulcio/openapi.yaml

Lines 48 to 51 in 39dcd1a

    
             description: Generated Certificate Chain 
        
             schema: 
        
               type: string 
        
           400:

We could return the SCT as a JSON-encoded string and not have to change the API spec, but I don't love that option.

bobcallaway · 2021-06-16T11:45:08Z

as soon as we have sigstore/sigstore#70 or sigstore/sigstore#69 resolved (which should be pretty soon) I'll push up a patch to include the SCT in the final certificate we issue.

…main 🤖 [main] Update image version in Dockerfiles

bobcallaway self-assigned this Jul 1, 2021

bobcallaway mentioned this issue Aug 12, 2021

add SCT as HTTP response header #163

Merged

dlorenc closed this as completed in #163 Aug 16, 2021

tommyd450 pushed a commit to tommyd450/fulcio that referenced this issue Apr 19, 2024

Merge pull request sigstore#119 from securesign/Update-image-version-…

4511b3c

…main 🤖 [main] Update image version in Dockerfiles

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Return SCT when a cert is generated #119

Return SCT when a cert is generated #119

priyawadhwa commented Jun 15, 2021

priyawadhwa commented Jun 15, 2021

bobcallaway commented Jun 16, 2021

Return SCT when a cert is generated #119

Return SCT when a cert is generated #119

Comments

priyawadhwa commented Jun 15, 2021

priyawadhwa commented Jun 15, 2021

bobcallaway commented Jun 16, 2021