Hayden B
If a user deletes their project or an email account that can be resurrected, I think there should be an expectation that the user convey that they are no longer...
Sounds reasonable to me! Note, if in a private deployment you're using both Rekor and Fulcio, then you could avoid the need for a CT log if you leverage Rekor...
This is a discussion on trust boundaries - If your log and certificate authority operate in the same trust domain (as in, if one gets compromised, the other is likely...
Hi y'all, if you are interested still in adding support, check out https://github.com/sigstore/fulcio/pull/890 as an example PR. There's also the open PR https://github.com/sigstore/fulcio/pull/945 that discusses the set of claims we'd...
Hi all, is there any interest still in adding this? If so, feel free to submit a PR to update the configuration (this can be an `email` provider), otherwise I'll...
Something to clarify: is eduGAIN a federated identity provider in that it issues tokens for various upstream providers? Will emails differ for identity tokens, or do all tokens have the...
Thanks for clarifying. Let's add eduGAIN then, that should unblock a lot of educational organizations.
This is done, I believe: `pkg/verify/verify.go` only depends on the Merkle functions outside of Trillian.
Happy to leave this open for now until we move the logic into Sigstore-go
This came up again - someone was using ECDSA P-521, which requires SHA-512