sigstore-js
change default rekor type for attestations from 'intoto:0.0.2' to 'dsse'
Description
This has not been rolled out into the production sigstore environment yet, but it is available in staging (rekor.sigstage.dev).
https://github.com/sigstore/rekor/pull/1487 added support for a new pluggable type dsse, which has the following benefits:
- The JSON schema more clearly separates the proposed entry from what is persisted to simplify client expectations
- The DSSE envelope is provided as a JSON string, rather than double-encoding values in base64
- The DSSE envelope is not stored by Rekor; this is to set the client expectation that attestation storage in Rekor should not be relied upon for attestation discovery.
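
The encoding difference between the two entry types, shown as an added example that is not part of the original issue or of sigstore-js. The field names are assumed from Rekor's intoto 0.0.2 and dsse 0.0.1 type schemas, and the key, payload and signature are constructed placeholders.

```javascript
// Constructed sample: the payload and signature are placeholders, not real signed data.
const statement = JSON.stringify({ _type: 'https://in-toto.io/Statement/v0.1', subject: [] });
const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');
const unb64 = (s) => Buffer.from(s, 'base64').toString('utf8');
const envelope = {
  payloadType: 'application/vnd.in-toto+json',
  payload: b64(statement),
  signatures: [{ sig: b64('constructed-signature') }],
};
const publicKeyPem = '-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----\n';

// intoto 0.0.2 (assumed field names): DSSE fields that are already base64
// get encoded a second time. The hash fields of spec.content are omitted here.
function toIntotoEntry(env, pem) {
  const signatures = env.signatures.map((s) => ({ sig: b64(s.sig), publicKey: b64(pem) }));
  const doubled = { payloadType: env.payloadType, payload: b64(env.payload), signatures };
  return { apiVersion: '0.0.2', kind: 'intoto', spec: { content: { envelope: doubled } } };
}

// dsse 0.0.1 (assumed field names): the envelope travels verbatim as one JSON
// string under proposedContent, kept apart from the fields Rekor persists.
function toDsseEntry(env, pem) {
  const proposedContent = { envelope: JSON.stringify(env), verifiers: [b64(pem)] };
  return { apiVersion: '0.0.1', kind: 'dsse', spec: { proposedContent } };
}

// What a consumer must undo to get back to the signed statement.
function payloadFromIntoto(entry) {
  return unb64(unb64(entry.spec.content.envelope.payload));
}
function payloadFromDsse(entry) {
  return unb64(JSON.parse(entry.spec.proposedContent.envelope).payload);
}

const intoto = toIntotoEntry(envelope, publicKeyPem);
const dsse = toDsseEntry(envelope, publicKeyPem);
console.log(intoto.spec.content.envelope.payload === envelope.payload); // false
console.log(JSON.parse(dsse.spec.proposedContent.envelope).payload === envelope.payload); // true
```

Because the dsse type does not store the envelope, a client that needs the attestation later has to keep its own copy of the envelope it submitted.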