Add Rekor OID info.

This defines OIDs for most log entry fields (though not all). This is primarily intended to be used by clients that want to represent Rekor data in different formats and/or cannot use bundles. For example, gitsign cannot use the verification bundle since it uses PKCS7 signatures to keep compatibility with existing Git clients / signature formats. Since PKCS7 already defines a structure for payload hashes, it implements offline verification by deconstructing bundles into distinct OIDs then reconstructs them for verification.
sigstore · Mar 16, 2023 · 51e99cb · 51e99cb
1 parent 0e98217
commit 51e99cb
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/oid-info.md b/oid-info.md
@@ -0,0 +1,28 @@
+# Rekor OID Information
+
+## Description
+
+This document defines Rekor
+[OID values](https://github.com/sigstore/sigstore/blob/main/docs/oid-info.md).
+
+Rekor reserves the `1.3.6.1.4.1.57264.3` OID root for all of its values.
+
+## Directory
+
+| OID                       | Name                   | Description                                                                                                   |
+| ------------------------- | ---------------------- | ------------------------------------------------------------------------------------------------------------- |
+| 1.3.6.1.4.1.57264.3.1     | Integrated Time        | When the data was added to the log.                                                                           |
+| 1.3.6.1.4.1.57264.3.2     | Log ID                 | This is a SHA256 hash of the DER-encoded public key for the log at the time the entry was included in the log |
+| 1.3.6.1.4.1.57264.3.3     | Log Index              | The index of the entry in the transparency log.                                                               |
+| 1.3.6.1.4.1.57264.3.4     | Verification           | Log Entry Verification data.                                                                                  |
+| 1.3.6.1.4.1.57264.3.4.1   | Inclusion Proof        | Proof of inclusion on the transparency log.                                                                   |
+| 1.3.6.1.4.1.57264.3.4.1.1 | Checkpoint             | The checkpoint (signed tree head) that the inclusion proof is based on.                                       |
+| 1.3.6.1.4.1.57264.3.4.1.2 | Hashes                 | A list of hashes required to compute the inclusion proof, sorted in order from leaf to root.                  |
+| 1.3.6.1.4.1.57264.3.4.1.3 | Root Hash              | The hash value stored at the root of the merkle tree at the time the proof was generated.                     |
+| 1.3.6.1.4.1.57264.3.4.1.4 | Tree Size              | The size of the merkle tree at the time the inclusion proof was generated.                                    |
+| 1.3.6.1.4.1.57264.3.4.2   | Signed Entry Timestamp | Base64 encoded signature of the Inclusion Proof                                                               |
+
+### Notes:
+
+- This is not an exhaustive list of values included in a LogEntry.
+- Log Index not included in Inclusion Proof since it's already defined in `1.3.6.1.4.1.57264.3.3`.