-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Specify the other fields of signature
#4
Comments
You are right, keyids should be user-defined. We are changing TUF to allow users to define unique-per-role-file (substitute role with layout for in-toto) keyids, which allows for flexibility without breaking security. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current spec lists the other fields as
...
because it was originally written as a diff from in-toto's current format (ITE-5). This needs to be fleshed out for the spec to be stand-alone.There is only one field to define:
keyid
. The meaning and semantics of this field are currently under discussion. @SantiagoTorres, @TomHennen, @nenaddedic, and I talked about this in our last meeting, but we didn't come to any conclusion. In-toto currently defines KEYID as a cryptographic hash over some representation of the key. However, it may be valuable to leave this user-defined in case users want to use an identifier with their key management system of choice.The text was updated successfully, but these errors were encountered: