From f88104ac9667dab3704cedb77f74863b7bfa07e2 Mon Sep 17 00:00:00 2001 From: Tracy Miranda Date: Wed, 18 Dec 2024 13:03:24 -0500 Subject: [PATCH] Add link to Rekor v2 doc. Fixes #31 Signed-off-by: Tracy Miranda --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2c8fa6c..2caff26 100644 --- a/README.md +++ b/README.md 
@@ -3,8 +3,9 @@ The purpose of this repository is to store a community-edited, formal description of the architecture of Sigstore. * [Sigstore Client Spec](client-spec.md) - This document specifies an architecture for using an automated certificate authority specifically, timestamping service, and transparency service for signing digital payloads. - * [Fulcio, A Certificate Authority for Code Signing](fulcion-spec.md) - This document describes Fulcio, a certificate authority for issuing short-lived code signing certificates for an OpenID Connect (OIDC) identity, such as an email address. - * [Rekor, A Transparency Service](rekor-spec.md) - This document describes Rekor, a signature tranparency service that securely records and makes verifiable the metadata of signed software artifacts, ensuring trust and integrity in the software supply chain. + * [Fulcio, A Certificate Authority for Code Signing](fulcio-spec.md) - This document describes Fulcio, a certificate authority for issuing short-lived code signing certificates for an OpenID Connect (OIDC) identity, such as an email address. + * [Rekor, A Transparency Service](rekor-spec.md) - This document describes Rekor, a signature tranparency service that securely records and makes verifiable the metadata of signed software artifacts, ensuring trust and integrity in the software supply chain. + * [Rekor 2.0 Proposal](https://docs.google.com/document/d/1Mi9OhzrucIyt-UCLk_FxO2_xSQZW9ow9U3Lv0ZB_PpM/edit?resourcekey=0-4rPbZPyCS7QDj26Hk0UyvA&tab=t.0#heading=h.bjitqo6lwsmn) - ⚠️ Sigstore is moving towards a new design for Rekor 2.0. This change is imminent and a spec doc will be made available in this repo in due course once the community makes the transistion. 
(To access the proposal doc you must be a member of the [sigstore-dev@ Google group](https://groups.google.com/g/sigstore-dev)) * [Sigstore Public Deployment](sigstore-public-deployment-spec.md) - This document describes the technical and policy decisions for the public deployment of Sigstore, specifically focusing on the Fulcio and Rekor deployment for the public good instance. This document details the specific implementation choices made for Sigstore's public deployment that go beyond the requirements in the specification. Additionally, this document details the use of TUF for distributing roots of trust, and includes links to deployment respositories and resources. ## Goals
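Review bot: The added Rekor 2.0 bullet misspells "transition" as "transistion", and the Rekor line that is removed and re-added still reads "tranparency". Both lines are touched by this hunk, so correct them here. The Google Docs link targets the `/edit` view and carries `resourcekey`, `tab` and `#heading` parameters. Consider trimming it to the document id, and stating the sigstore-dev@ membership requirement before the link so readers see the access condition before following it. The `fulcion-spec.md` to `fulcio-spec.md` link correction in the Fulcio bullet is not mentioned in the commit message, which describes only the Rekor v2 link. Add a line for it so the fix is discoverable from the log.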