Hayden B
Hayden B
@bobcallaway .4 is out! This should be good to go
@vaikas fyi, https://github.com/sigstore/cosign/pull/1762#issuecomment-1258831932
To rotate a log, the following needs to occur: * Spin up a new Trillian instance (log server and signer) and MySQL database * The log should use the same...
Also should add a prober pinging `ct/v1/get-sth` for each log shard
Chatted with @k4leung4 about the process for sharding a CT log. To summarize, we need to add support for creating an arbitrary number of CT log instances, where each will...
@vaikas That would be very appreciated if you would like to help! My knowledge of Helm is lacking :) Happy to sync with you to chat more about this and...
> The one other thing (that's probably discussed elsewhere) is the "reverse" of this. When Fulcio Cert rotates, the new cert must be added to the trusted certs on the...
> So, I think the question really is: If we need to rotate fulcio, will that create a new stack or not? I would say no. I separate the two...
Something to mention, the root rotation will be very infrequent. Fulcio is configured with an intermediate certificate - that might change if we change the signing key for fulcio, but...
Haven’t dug into this much to see if it’s useful, but there is some configuration options for limiting when logs will accept entires https://github.com/google/certificate-transparency-go/blob/master/trillian/docs/Operation.md#temporal-sharding