Aditya Sirish

https://github.com/sigstore/protobuf-specs/pull/145 We actually discussed using a subset of VerificationMaterials to omit the key ID as the signature has its own key ID field (https://github.com/sigstore/sig-clients/issues/9). Once that PR is merged, for...

Hi @cutecutecat, have you joined the CNCF slack workspace by any chance? At a high level, I think the proposal is in a good state. cc @SantiagoTorres

Hi @ashutoshsao, could you open a PR? Also, consider taking a look at #22 as well. If this is a key created just for this purpose and it's not used...

Looks like there's a slightly different process for applying this license documented here: https://github.com/CommunitySpecification/Community_Specification/blob/main/..Getting%20Started.md

Can you draft a patch to switch us over?

Thanks!

Thinking about it some more, I don't know if the spec is the right place for this issue. We want to make in-toto serialization format agnostic, I think, like TUF?...

Does the use of ITE-2 to associate layouts generally handle this? Can we close it with #75 even if expiration isn't explicitly mentioned there?

Note that it could be a non-DSSE envelope too, but by default it is DSSE. Also note that the DSSE spec provides the proto but implementations currently don't really use...

https://github.com/secure-systems-lab/go-securesystemslib/tree/main/dsse is the DSSE implementation we're using in in-toto implementations and elsewhere for Go. FWIW, there's some work planned to streamline the Go libaries for in-toto specifically, so some of...