Skip to content

client-spec: reflow, fix more links #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 14, 2025
Merged

client-spec: reflow, fix more links #44

merged 1 commit into from
Apr 14, 2025

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Apr 11, 2025
edited
Loading

This fixes more links to the Algorithm Registry.

CC @haydentherapper

@woodruffw
client-spec: reflow, fix more links
f72416d 
This fixes more links to the Algorithm Registry.

Signed-off-by: William Woodruff <william@trailofbits.com>
kommendorkapten
kommendorkapten reviewed Apr 14, 2025
View reviewed changes
client-spec.md
response to the Signer. This timestamp comes from the Transparency Service’s
internal clock, which is not externally verifiable or immutable. For this
reason, a Signer SHOULD get their signatures timestamped. However, a Signer MAY
choose to omit the timestamping step; in this case, the Signer MUST use the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this is true now, we should plan for how this should be worded once Rekor V2 is out, which will not provide any signed timestamp in the response.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed!

(Could you add a new issue for that! I think there's a lot that needs to be updated/fixed in the client spec, so we should track each to make sure nothing slips through 😅)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'll make an issue for it!

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are also tracking rewriting the Rekor architecture doc and updating the client spec once we've stabilized the rekor v2 API.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created this #48

@kommendorkapten
Copy link
Member

Great improvement, thanks!

haydentherapper
haydentherapper approved these changes Apr 14, 2025
View reviewed changes
client-spec.md
response to the Signer. This timestamp comes from the Transparency Service’s
internal clock, which is not externally verifiable or immutable. For this
reason, a Signer SHOULD get their signatures timestamped. However, a Signer MAY
choose to omit the timestamping step; in this case, the Signer MUST use the
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are also tracking rewriting the Rekor architecture doc and updating the client spec once we've stabilized the rekor v2 API.

@woodruffw woodruffw merged commit 8fd09d0 into sigstore:main Apr 14, 2025
1 check passed
@woodruffw woodruffw deleted the ww/fix-links branch April 14, 2025 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kommendorkapten kommendorkapten kommendorkapten left review comments

@haydentherapper haydentherapper haydentherapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@woodruffw @kommendorkapten @haydentherapper