A small CC0 adjacent kit for sealed publications — possible cross-pollination with Sigstore
21 views
Skip to first unread message
John Bradley
May 21, 2026, 5:53:49 PM (3 days ago) May 21
to sigsto...@googlegroups.com
To the Sigstore community,
I'm sharing a small CC0 toolkit (myriam-kit) on the off-chance it's of interest to the broader transparency-log / sealed-publication ecosystem.
It's positioned next to Sigstore / Sigsum / Certificate Transparency rather than competing with them. Architecture: SHA-256 Merkle root over a small (≤20) text-fact set → OpenTimestamps Bitcoin anchor → IPFS pin → static-site presentation with a browser-based verifier.
https://github.com/CrunchyJohnHaven/myriam-kit
What it adds to the existing transparency-log space (or perhaps duplicates):
- Designed for non-developer publishers (whistleblowers, trial sponsors, AI labs)
- Tiny code surface (~150 LOC Python + ~120 LOC JS verifier)
- Public-domain (CC0), no maintenance commitment by any organization
- Three worked example kits with adoption guides
Where I'd value Sigstore-community feedback:
1. Is the Merkle-root + OTS anchoring pattern conceptually compatible with Sigstore's Rekor-style transparency log, or are they doing structurally different things?
2. Are there integration patterns where a publisher could optionally also publish to Rekor for the same root, and would that be valuable?
No ask, no expectation; just sharing the artifact in case it's useful or generates feedback.
John Bradley
Creativity Machine LLC
I'm sharing a small CC0 toolkit (myriam-kit) on the off-chance it's of interest to the broader transparency-log / sealed-publication ecosystem.
It's positioned next to Sigstore / Sigsum / Certificate Transparency rather than competing with them. Architecture: SHA-256 Merkle root over a small (≤20) text-fact set → OpenTimestamps Bitcoin anchor → IPFS pin → static-site presentation with a browser-based verifier.
https://github.com/CrunchyJohnHaven/myriam-kit
What it adds to the existing transparency-log space (or perhaps duplicates):
- Designed for non-developer publishers (whistleblowers, trial sponsors, AI labs)
- Tiny code surface (~150 LOC Python + ~120 LOC JS verifier)
- Public-domain (CC0), no maintenance commitment by any organization
- Three worked example kits with adoption guides
Where I'd value Sigstore-community feedback:
1. Is the Merkle-root + OTS anchoring pattern conceptually compatible with Sigstore's Rekor-style transparency log, or are they doing structurally different things?
2. Are there integration patterns where a publisher could optionally also publish to Rekor for the same root, and would that be valuable?
No ask, no expectation; just sharing the artifact in case it's useful or generates feedback.
John Bradley
Creativity Machine LLC
Reply all
Reply to author
Forward
0 new messages