Add link to Rekor v2 doc. #37

Open
wants to merge 1 commit into
base: main
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -3,8 +3,9 @@
The purpose of this repository is to store a community-edited, formal description of the architecture of Sigstore.

* [Sigstore Client Spec](client-spec.md) - This document specifies an architecture for using an automated certificate authority specifically, timestamping service, and transparency service for signing digital payloads.
* [Fulcio, A Certificate Authority for Code Signing](fulcion-spec.md) - This document describes Fulcio, a certificate authority for issuing short-lived code signing certificates for an OpenID Connect (OIDC) identity, such as an email address.
* [Rekor, A Transparency Service](rekor-spec.md) - This document describes Rekor, a signature tranparency service that securely records and makes verifiable the metadata of signed software artifacts, ensuring trust and integrity in the software supply chain.
* [Fulcio, A Certificate Authority for Code Signing](fulcio-spec.md) - This document describes Fulcio, a certificate authority for issuing short-lived code signing certificates for an OpenID Connect (OIDC) identity, such as an email address.
* [Rekor, A Transparency Service](rekor-spec.md) - This document describes Rekor, a signature tranparency service that securely records and makes verifiable the metadata of signed software artifacts, ensuring trust and integrity in the software supply chain.
* [Rekor 2.0 Proposal](https://docs.google.com/document/d/1Mi9OhzrucIyt-UCLk_FxO2_xSQZW9ow9U3Lv0ZB_PpM/edit?resourcekey=0-4rPbZPyCS7QDj26Hk0UyvA&tab=t.0#heading=h.bjitqo6lwsmn) - ⚠️ Sigstore is moving towards a new design for Rekor 2.0. This change is imminent and a spec doc will be made available in this repo in due course once the community makes the transistion. (To access the proposal doc you must be a member of the [sigstore-dev@ Google group](https://groups.google.com/g/sigstore-dev))

Could we include a brief one-line summary of the changes in Rekor 2.0, namely the move towards a tile-based architecture? We can link to the transparency.dev article about the benefits of tiles as well.

* [Sigstore Public Deployment](sigstore-public-deployment-spec.md) - This document describes the technical and policy decisions for the public deployment of Sigstore, specifically focusing on the Fulcio and Rekor deployment for the public good instance. This document details the specific implementation choices made for Sigstore's public deployment that go beyond the requirements in the specification. Additionally, this document details the use of TUF for distributing roots of trust, and includes links to deployment respositories and resources.

## Goals
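
Review bot: The added Rekor 2.0 bullet links to a Google Doc that, by the bullet's own note, is readable only by members of the sigstore-dev@ Google group, and the URL is an `/edit` link that carries a `resourcekey` parameter, a `tab` selector and a heading fragment. For a README in a public architecture repository, consider pointing at a publicly readable reference instead, or keep the gated link but check which of those URL parts are actually needed and put a one-line description of the proposal in the bullet so readers without access still learn what is changing. The same bullet spells "transition" as "transistion", and the re-added Rekor line still reads "tranparency"; both lines are touched by this change, so the spelling can be fixed here. Phrases such as "imminent" and "in due course" will go stale once merged; a link to a tracking issue or a dated statement would hold up better.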