Derive revocation bits from root_certs, etc. #29

Open
plotnick opened this issue Mar 13, 2023 · 0 comments

Refactoring the image signing routines (#28) left as an open TODO deriving the CFPA KeyStatus bits from root_certs (and whatever else we might need). If we pass the signing root (i.e., signing_certs[0]) then we can check that it occurs in root_certs, and maybe mark as Revoked? (I admit not understanding the difference between Revoked1 and Revoked2) the ones before that. But this appears to be partly a matter of policy rather than a strictly technical decision, so feedback would be welcome on how we intend to set and use these bits.
