ITE-5 has been merged as draft
18 views
Skip to first unread message
Santiago Torres Arias
May 22, 2021, 5:21:09 PM5/22/21
to in-toto-ml
Hello Everyone,
Earlier on the year we approved a new extension to in-toto: ITE-5. This
extension relates to disassociating the signature wrapper from the main
specification. We believe that this change will ease integration for adopters
that may have different restrictions when it comes to cryptographic signing
mechanisms. Further, while the ITE removes the reuqirement of using a
particular signing specification, we will still recommend the usage of SSL's
signing spec. We believe that this will still allow for a reasonable level of
agreement between producers and consumers of metadata.
The ITE being merged as a draft means that there's still space of discussion,
we hope that by end of the month we have reached consensus, so that we can move
onto adding support for ITE-5 to implementations in the third and fourth
quarters of 2021.
As a sponsor, I'll be collecting feedback on this email thread, as well as any
GitHub issues and any virtual meetings (which will be open for everybody).
If you have any questions about the process or specifics do not hesitate to
reach out to me.
Thank you!
-Santiago
Earlier on the year we approved a new extension to in-toto: ITE-5. This
extension relates to disassociating the signature wrapper from the main
specification. We believe that this change will ease integration for adopters
that may have different restrictions when it comes to cryptographic signing
mechanisms. Further, while the ITE removes the reuqirement of using a
particular signing specification, we will still recommend the usage of SSL's
signing spec. We believe that this will still allow for a reasonable level of
agreement between producers and consumers of metadata.
The ITE being merged as a draft means that there's still space of discussion,
we hope that by end of the month we have reached consensus, so that we can move
onto adding support for ITE-5 to implementations in the third and fourth
quarters of 2021.
As a sponsor, I'll be collecting feedback on this email thread, as well as any
GitHub issues and any virtual meetings (which will be open for everybody).
If you have any questions about the process or specifics do not hesitate to
reach out to me.
Thank you!
-Santiago
Aditya Sirish A Yelgundhalli
Aug 24, 2021, 10:03:07 AM8/24/21
to in-toto...@googlegroups.com, sant...@nyu.edu
Hello everyone,
Since ITE-5 was merged as a draft, the signature
specification referenced in it has seen significant progress,
including a formal name. It is now known as DSSE (Dead Simple
Signing Envelope), and can be found here: https://github.com/secure-systems-lab/dsse.
DSSE has also had a v1.0 release! Therefore, I think it's time
to discuss a pathway for this ITE to reach "Accepted" status.
Please let us know what you think needs to happen for ITE-5 to
proceed. I'm going to be helping Santiago, the sponsor for
this ITE, collect feedback and coordinate changes if any.
Thank you!
Aditya Sirish
--
You received this message because you are subscribed to the Google Groups "in-toto-public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to in-toto-publi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/in-toto-public/YKl1wISF7THDaRbM%40LykOS.localdomain.
Aditya Sirish A Yelgundhalli
Aug 24, 2021, 11:27:04 AM8/24/21
to in-toto...@googlegroups.com, sant...@nyu.edu
Based on some feedback, we've opened the following GitHub issue
to collect discussions on this matter:
https://github.com/in-toto/ITE/issues/22. Please feel free to
leave any thoughts you may have there, or if GitHub is not your
cup of tea, this mailing list works fine too. :)
- Aditya
Reply all
Reply to author
Forward
0 new messages