Steve Lasker

We've outlined votes that are set for a period of time. This gives members time to asynchronously vote. It's reasonable to say a minimum number of votes must be cast....

The re-sale scenario is a perfect case. When you buy the property, do you know when you'll sell it? Even if you _plan_ to sell in 2 years, will you...

Reviewing the [spec](https://github.com/notaryproject/notaryproject/blob/main/trust-store-trust-policy-specification.md) > - **`signatureExpiry`**(*string*): This REQUIRED property specifies what implementation must do if the signature is expired. Supported values are `enforce` and `warn`. We don't have an ignore....

I'm actually suggesting we're trusting the cert, which happens to have a cname that can be used to find where content from this cert can be found. Regardless of where...

I've removed the cname validation for now. We can revisit as we make more progress on the core capabilities.

For folks to review and provide feedback, a doc comparing COSE with other signing formats. https://docs.google.com/document/d/18YVGA4mq45wfUkWrAqWkymzdHRcXxlwINKXnEp86L0w/edit#

COSE work is progressing nicely within the [cose](https://github.com/notaryproject/notation/tree/cose) branch. Upstream [go-cose](https://github.com/veraison/go-cose/tree/remote-signing) work is finalizing

The first [veraison/go-cose security review is in](https://github.com/veraison/go-cose/blob/main/reports/NCC_Microsoft-go-cose-Report_2022-05-26_v1.0.pdf) go-cose has also completed an [rc.1 release](https://github.com/veraison/go-cose/releases/tag/v1.0.0-rc.1), only pending 1.0.0 based on implementation verifications. As a result, we'd like to bring this into...

@priteshbandi, do we want to close this as this seems to be covered in the signature specs?

Is this related to #167?