-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Finalize TrustedRoot target #616
Comments
Also:
|
Also:
Will be part of v7. |
I think from convo offline, we may punt this one to v7 root. I'll update the milestone for that issue. |
The end time for the "first" Fulcio instance is roughly midnight at December 31st 2022 and the second starts at 2022-04-13T20:06:15.000Z, the overlap is pretty big, is this accurate? The CT log |
The "2022-12-31" end data came from a suggestion made by @haydentherapper and the "2022-04-13" start date for the next set of certs comes from the "Not Before" value of the intermediate cert (which is likely well before it was actually used to sign anything). Definitely erring on the side of being extra conservative in both these cases, but happy to tighten these up if someone can provide more specific values.
Yeah, you're right. The "/2022" start date came from here, but the "/test" end date needs to be adjusted (this is covered in my first todo item above). |
On the |
You can probably lower the december value, but I don't recall when we switched over so err'ing on the side of caution is reasonable. |
@asraa @kommendorkapten the only thing remaining on the todo list here is to make sure that everyone is satisfied w/ the target name. When I submitted the initial PR, I named it There was a suggestion that the name contain some indication of the type/version (but that has maybe been addressed by the Having a name that remains static over time will help a lot with target discovery (as in, we won't have to deal with it 🤞 ). |
@bdehamer agree with you that current naming is satisfactory, the object contains media type, I think we can close this issue. |
Ah yes! Good point - now that the object contains the media type, let's keep a stable name for the target. Thanks! |
Description
Remaining work for finalizing the new TrustedRoot target before the v6 root signing (see #584):
validFor
period for the "test" ctlog public key (bothstart
andend
timestamps).trusted_root.json
.The text was updated successfully, but these errors were encountered: