
Attestations require uploading entire payload to rekor

Open jonjohnsonjr opened this issue 1 year ago • 9 comments

Description

Recently ran into an issue where we have an absurdly large attestation (130MB) that is rejected by rekor due to its size.

Arguably, this is a bug in rekor, but I think it's really a bug in how cosign attestations work. Both the dsse and intoto record types require uploading the entire attestation payload to rekor. If they're small enough, rekor will store the intoto attestation. AFAICT, rekor doesn't store the dsse payload at all, but it does require you to upload the entire thing.

Cosign should support a form of attestation that doesn't require the entire payload be uploaded to rekor.

This is part of why I initially proposed an OCI descriptor as the payload format, since embedding data is an optional thing. I think sigstore ended up using dsse so that the payload type could be signed, but I can't remember the details.

Anyway, it would be great if someone could tell me I'm just holding this wrong or something, but I'd love an easy way to attest a large thing. Should I just attest an OCI descriptor that points to the large thing? Is there an existing pattern that people use for this?

It would take a lot of load off of rekor if it could just verify a hash instead of the entire payload, so maybe what we need is a form of cosign attest that stores and verifies a hashedrekord? Does that even make sense? If someone can hold all of this in their head, I'd love your opinions on what the right path forward would be.

jonjohnsonjr · Mar 14 '24 21:03
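The pattern the issue floats, attesting a small OCI descriptor that points at the large payload by digest and size rather than shipping the payload itself, can be sketched in plain Go. The following is an added example written for this page, not cosign or rekor code, and it uses only the standard library: the descriptor fields (mediaType, digest, size) follow the OCI image spec, the statement envelope follows in-toto Statement v0.1, and the predicateType URL, the function names and the constructed blob are assumptions for illustration. The verifier side shows what a consumer must still do once the signature over the statement has been checked: fetch the blob and confirm it matches the descriptor on both size and digest, since the log only vouches for the descriptor.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Descriptor mirrors the OCI content descriptor fields used to reference a blob.
type Descriptor struct {
	MediaType string `json:"mediaType"`
	Digest    string `json:"digest"`
	Size      int64  `json:"size"`
}

// Subject is the in-toto Statement subject: the artifact the attestation is about.
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}

// Statement is an in-toto Statement v0.1 whose predicate is just a descriptor,
// so the signed payload stays a few hundred bytes no matter how large the blob is.
type Statement struct {
	Type          string     `json:"_type"`
	PredicateType string     `json:"predicateType"`
	Subject       []Subject  `json:"subject"`
	Predicate     Descriptor `json:"predicate"`
}

const (
	statementType = "https://in-toto.io/Statement/v0.1"
	// Hypothetical predicate type for this example; not a registered in-toto or cosign type.
	predicateType = "https://example.com/large-payload-descriptor/v0"
)

// DescribeBlob computes the descriptor (digest and size) for a payload.
func DescribeBlob(mediaType string, blob []byte) Descriptor {
	sum := sha256.Sum256(blob)
	return Descriptor{
		MediaType: mediaType,
		Digest:    "sha256:" + hex.EncodeToString(sum[:]),
		Size:      int64(len(blob)),
	}
}

// BuildStatement wraps the descriptor in an in-toto statement for the given subject.
// The returned bytes are what would be placed in a DSSE envelope and signed.
func BuildStatement(subjectName, subjectSHA256 string, desc Descriptor) ([]byte, error) {
	st := Statement{
		Type:          statementType,
		PredicateType: predicateType,
		Subject:       []Subject{{Name: subjectName, Digest: map[string]string{"sha256": subjectSHA256}}},
		Predicate:     desc,
	}
	return json.Marshal(st)
}

// DescriptorFromStatement parses a (signature-verified) statement and returns its descriptor,
// rejecting payloads of the wrong statement or predicate type.
func DescriptorFromStatement(payload []byte) (Descriptor, error) {
	var st Statement
	if err := json.Unmarshal(payload, &st); err != nil {
		return Descriptor{}, err
	}
	if st.Type != statementType || st.PredicateType != predicateType {
		return Descriptor{}, fmt.Errorf("unexpected statement/predicate type: %q / %q", st.Type, st.PredicateType)
	}
	return st.Predicate, nil
}

// VerifyBlob checks that a fetched blob matches the attested descriptor.
// Size is checked first so a truncated or padded blob fails before hashing.
func VerifyBlob(blob []byte, desc Descriptor) error {
	if int64(len(blob)) != desc.Size {
		return fmt.Errorf("size mismatch: descriptor says %d bytes, blob is %d", desc.Size, len(blob))
	}
	if got := DescribeBlob(desc.MediaType, blob).Digest; got != desc.Digest {
		return fmt.Errorf("digest mismatch: descriptor says %s, blob is %s", desc.Digest, got)
	}
	return nil
}

func main() {
	// Constructed stand-in for a large attestation payload (4 MiB of filler).
	blob := make([]byte, 4<<20)
	for i := range blob {
		blob[i] = byte(i % 251)
	}
	desc := DescribeBlob("application/vnd.example.large-attestation+json", blob)
	payload, err := BuildStatement("example.com/image", "0000000000000000000000000000000000000000000000000000000000000000", desc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("blob: %d bytes, signed statement: %d bytes\n", len(blob), len(payload))
	got, _ := DescriptorFromStatement(payload)
	fmt.Println("verify:", VerifyBlob(blob, got))
}
```

The split mirrors what the issue asks for: the transparency log entry covers only the statement, so the payload can live wherever the large blob is stored, and the verifier's `VerifyBlob` step is what makes the indirection sound.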