I would like to support the TrustedRoot JSON format in a simple way for air-gapped environments.
Currently, there are 3 ways to specify the trusted keys in the TrustRoot CRD:
Remote: Using a root JSON and TUF URL, this will fetch the trusted root via TUF
Repository: Using a root JSON and serialized TUF filesystem (base64, tarred, gzipped set of files, aka MirrorFS), this allows for air-gapped mode starting from a TUF repository
SigstoreKeys: This struct provides much of the same functionality of the TrustedRoot JSON, but is missing validity time periods, and requires conversion to the TrustedRoot format as many of the data types are subtly different (for example, certs are represented as DER in TrustedRoot, and PEM in SigstoreKeys)
My proposal is to add a TrustedRootJSON type (either string or []byte) to the CRD that contains the trusted root JSON as defined by the protobuf spec. This would allow for full support of trusted root in the simplest way possible.
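The PEM-to-DER conversion and the missing validity window mentioned above, as an added Go example that is not part of the original issue or the project's code. The function names are hypothetical, the sample certificate is constructed at run time, and taking the validity window from the first certificate's lifetime is an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// pemChainToDER turns a PEM chain (SigstoreKeys style) into base64 DER strings (TrustedRoot style)
// plus a validity window. Assumption: the window is the first certificate's lifetime.
func pemChainToDER(chain []byte) (rawBytes []string, start, end time.Time, err error) {
	for block, rest := pem.Decode(chain); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes) // rejects malformed or non-certificate DER
		if err != nil {
			return nil, start, end, fmt.Errorf("certificate %d: %w", len(rawBytes), err)
		}
		if len(rawBytes) == 0 {
			start, end = cert.NotBefore, cert.NotAfter
		}
		rawBytes = append(rawBytes, base64.StdEncoding.EncodeToString(cert.Raw))
	}
	if len(rawBytes) == 0 {
		return nil, start, end, fmt.Errorf("no PEM certificates found")
	}
	return rawBytes, start, end, nil
}

// constructedPEM builds a throwaway self-signed certificate (constructed sample input).
func constructedPEM() (pemBytes, der []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: time.Unix(1700000000, 0), NotAfter: time.Unix(1800000000, 0)}
	der, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), der, err
}

func main() {
	p, _, _ := constructedPEM()
	fmt.Println(pemChainToDER(p))
}
```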