sigstore-js

change default rekor type for attestations from 'intoto:0.0.2' to 'dsse'

Open bobcallaway opened this issue 1 year ago • 0 comments

Description

This has not been rolled out into the production sigstore environment yet, but it is available in staging (rekor.sigstage.dev).

https://github.com/sigstore/rekor/pull/1487 added support for a new pluggable type dsse which has the following benefits:

  • The JSON schema more clearly separates the proposed entry from what is persisted to simplify client expectations
  • The DSSE envelope is provided as a JSON string, rather than double-encoding values in base64
  • The DSSE envelope is not stored by Rekor; this is to set the client expectation that attestation storage in Rekor should not be relied upon for attestation discovery.

bobcallaway, May 29 '23 00:05
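The encoding difference named in the issue's second bullet, as an added example that is not part of the original issue or of sigstore-js: the same DSSE envelope is wrapped once the way an `intoto` 0.0.2 entry carries it and once as a `dsse` 0.0.1 proposed entry. The field layout of both entry types and all helper names are assumptions to be checked against the Rekor schemas; the envelope and key are constructed samples, and the hash fields of the `intoto` entry are left out.

```javascript
// Constructed sample: a DSSE envelope as a signer holds it in memory (raw bytes).
// The signature bytes and the PEM body are dummies, not real key material.
const envelope = {
  payloadType: 'application/vnd.in-toto+json',
  payload: Buffer.from('{"_type":"https://in-toto.io/Statement/v0.1"}'),
  signatures: [{ sig: Buffer.from('constructed-signature-bytes') }],
};
const verifierPem = '-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----\n';

const b64 = (v) => Buffer.from(v).toString('base64');

// Standard DSSE JSON form: payload and sig are base64-encoded exactly once.
function envelopeToJSON(env) {
  return {
    payloadType: env.payloadType,
    payload: b64(env.payload),
    signatures: env.signatures.map((s) => ({ sig: b64(s.sig) })),
  };
}

// 'intoto' 0.0.2 style (assumed layout): the envelope is embedded as an object
// and the already-base64 payload and sig values are base64-encoded a second time.
function toIntotoEnvelope(env, pem) {
  const json = envelopeToJSON(env);
  return {
    payloadType: json.payloadType,
    payload: b64(json.payload),
    signatures: json.signatures.map((s) => ({ sig: b64(s.sig), publicKey: b64(pem) })),
  };
}

// 'dsse' 0.0.1 style (assumed layout): the envelope travels as one JSON string
// under proposedContent, next to the verifier; nothing is encoded twice.
function toProposedDsseEntry(env, pem) {
  const proposedContent = { envelope: JSON.stringify(envelopeToJSON(env)), verifiers: [b64(pem)] };
  return { apiVersion: '0.0.1', kind: 'dsse', spec: { proposedContent } };
}

// What a reader of each form must do to get the signed payload bytes back.
function payloadFromIntoto(e) {
  const once = Buffer.from(e.payload, 'base64').toString('utf8'); // still base64 text
  return Buffer.from(once, 'base64');
}
function payloadFromDsse(entry) {
  return Buffer.from(JSON.parse(entry.spec.proposedContent.envelope).payload, 'base64');
}
```

A client that decodes the `intoto` payload only once ends up hashing or parsing base64 text rather than the statement, which is the kind of mismatch the single-encoded JSON string avoids.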