Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verification Plugin spec #165
Verification Plugin spec #165
Changes from 4 commits
5f46150
a640929
a3f6fda
fac8134
bbca7fb
d8f2a73
fe53ef5
4d20804
e6f4222
813d759
df68f07
072e4ba
7510952
635ebd7
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
r/
.default
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, why do we think we need this?
The notary client should be able to verify any signature format supported. I haven't seen where we need plugins for verification.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
r/
.default
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sounds like it would impose instability and inconsistency.
A primary goal of Notary v2 is cloud/location independence. If a user copies an image from MAR to their ecr, they shouldn't need any special Microsoft stuff to validate it.
I'm guessing you have some ideas around new headers. Can we discuss those and find a platform neutral way?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these the critical headers we are discussing here -
Given the statement - basically it means that a signature with a critical header will put a requirement on the client environment to have the plugin available.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the links point to how criticality of signed attributes is implemented in JWS and COSE. If an extended attribute is marked critical (not all extended attributes need to be critical) the verifier must process it either using a plugin or equivalent verification logic.