Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add documentation for SCT formats #718

Merged
merged 1 commit into from
Aug 3, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion fulcio.proto
Original file line number Diff line number Diff line change
Expand Up @@ -159,9 +159,12 @@ message SigningCertificateDetachedSCT {
*/
CertificateChain chain = 1;
/*
* The signed certificate timestamp is a promise for including the certificate in
* The Signed Certificate Timestamp (SCT) is a promise for including the certificate in
* a certificate transparency log. It can be "stapled" to verify the inclusion of
* a certificate in the log in an offline fashion.
*
* The SCT format is an AddChainResponse struct, defined in
* https://github.com/google/certificate-transparency-go
*/
bytes signed_certificate_timestamp = 2;
}
Expand All @@ -172,6 +175,10 @@ message SigningCertificateEmbeddedSCT {
* by all intermediate certificates (if present), finishing with the root certificate.
*
* All values are PEM-encoded certificates.
*
* The leaf certificate contains an embedded Signed Certificate Timestamp (SCT) to
* verify inclusion of the certificate in a log. The SCT format is a SignedCertificateTimestampList,
* as defined in https://datatracker.ietf.org/doc/html/rfc6962#section-3.3
*/
CertificateChain chain = 1;
}
Expand Down
4 changes: 2 additions & 2 deletions fulcio.swagger.json
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@
"signedCertificateTimestamp": {
"type": "string",
"format": "byte",
"description": "The signed certificate timestamp is a promise for including the certificate in\na certificate transparency log. It can be \"stapled\" to verify the inclusion of\na certificate in the log in an offline fashion."
"description": "The Signed Certificate Timestamp (SCT) is a promise for including the certificate in\na certificate transparency log. It can be \"stapled\" to verify the inclusion of\na certificate in the log in an offline fashion.\n\nThe SCT format is an AddChainResponse struct, defined in\nhttps://github.com/google/certificate-transparency-go"
}
},
"title": "(-- api-linter: core::0142::time-field-type=disabled\n aip.dev/not-precedent: SCT is defined in RFC6962 and we keep the name consistent for easier understanding. --)"
Expand All @@ -305,7 +305,7 @@
"properties": {
"chain": {
"$ref": "#/definitions/v2CertificateChain",
"description": "The certificate chain serialized with the leaf certificate first, followed\nby all intermediate certificates (if present), finishing with the root certificate.\n\nAll values are PEM-encoded certificates."
"description": "The certificate chain serialized with the leaf certificate first, followed\nby all intermediate certificates (if present), finishing with the root certificate.\n\nAll values are PEM-encoded certificates.\n\nThe leaf certificate contains an embedded Signed Certificate Timestamp (SCT) to\nverify inclusion of the certificate in a log. The SCT format is a SignedCertificateTimestampList,\nas defined in https://datatracker.ietf.org/doc/html/rfc6962#section-3.3"
}
}
},
Expand Down
11 changes: 9 additions & 2 deletions pkg/generated/protobuf/fulcio.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/generated/protobuf/legacy/fulcio_legacy.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.