Mukuls77

cosign support verify using image with Tag, as during cosign verify cosign converts tag to digest before doing the verification, so i dont see really the benefit of doing the...

Mu suggestion would be to have a flag -disableMutation similar to what we have for disabling TUF (-disableTUF) so if this flag is used than the logic for Mutating TAG...

I have tested the scenario on a cluster now sharing the working and not working logs [TestResults.zip](https://github.com/sigstore/policy-controller/files/11329396/TestResults.zip)

Hi Hector the cosign base code support the flow in which we set the SIGSTORE_ROOT_FILE env variable to rootCert and than in verify command we dont pass any Intermediate cert...

Hi Hector thanks for the update. actually i used a new set of certs for generating these logs, and i validated that i am using correct root cert in my...

Hi Hector i tried the policy validation again with a different set of leaf, intermediate and root cert but the result is the same if it only use root cert...

@hectorj2f can you pls provide the certs (leaf , intermediate, root) and the leaf key so that i can check this case, as i tried it myself using my certs...

I created Cert chain (Root->intermediate->leaf) using opnessl. I used the file based signer of the TSA and used the leaf key and the cert chain created as input for TSA....

I was able to print the tsq and tsr in human readable from using openssl /home/mukul/tsa/kmssigner>openssl ts -reply -in response.tsr [-text](url) Using configuration from /usr/lib/ssl/openssl.cnf Status info: Status: Granted. [Status](url)...

@haydentherapper did you find any error in the procedure i used for KMS based signer