From 08647d2760cf6d4bb339391c2277c9897cb7fea6 Mon Sep 17 00:00:00 2001 From: Marina Moore Date: Tue, 8 Jun 2021 10:39:18 -0400 Subject: [PATCH] Add description of meta-artifact downsides for artifact movement Signed-off-by: Marina Moore --- key-revocation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/key-revocation.md b/key-revocation.md index 446eca30..dcad871a 100644 --- a/key-revocation.md +++ b/key-revocation.md @@ -61,7 +61,7 @@ A final option is to use a combination of the first and third techniques to achi This method allows signers to have relatively long lived keys, to simplify their workflow and avoid needing to resign the artifacts themselves, while enabling timely revoking of the signing key or a single artifact signature. -For efficiency, a meta-artifact can be created and maintained, containing references to a collection currently signed artifacts. And the short lived signature can be created for this single artifact, rather than every artifact individually. +For efficiency, a meta-artifact can be created and maintained, containing references to a collection currently signed artifacts. And the short lived signature can be created for this single artifact, rather than every artifact individually. This meta-artifact would need to be updated whenever the collection of artifacts changes and parsed when validating any artifact. Pros: * Allows key revocation at any time