Loosen the keyid verification requirement? #305
Comments
Sounds reasonable to me. TAP 12 would allow an idea I have for "self-identifying" keys (esp. given your work generalising the SSLib keys backend): the keyID should specify exactly where to find it and what it is. Generally, a self-identifying key ID would look like:
For example (here the key version is clearly encoded twice):
WDYT?
I would like to keep this proposal as the minimal one: the last time this discussion happened the result was TAP 12 -- it's a fine TAP but it seems it is incompatible with current spec so is now in TAP limbo. I think there may be a spec change that:
Thanks for the constructive proposal and kudos for coming up with an elegant solution. +1 from me.
WRT keyids, we currently say this:
I believe there is a consensus that these requirements are not useful and are even harmful:
There is a TAP https://github.com/theupdateframework/taps/blob/master/tap12.md to change this but as it reaches quite far it has not been merged to the spec yet.
proposal
In preparation for tap 12 could we just modify the language slightly so that
Both are "should" in order to keep compatibility with current implementations while guiding new implementations into the most useful functionality.