You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are going to remove timestamp authorities from the trust root.
We should significantly flesh this section out since it's not well discussed anywhere. This could have its own top level header, "Verifying short-lived certificates" and discuss sources of time (signed timestamps from TSAs or from Rekor) and the threat model of trusting each (distributed trust vs trusting Rekor)
Again, something to be changed in v2, separately out the timestamping portion from rekor.
We should significantly flesh this section out since it's not well discussed anywhere. This could have its own top level header, "Verifying short-lived certificates" and discuss sources of time (signed timestamps from TSAs or from Rekor) and the threat model of trusting each (distributed trust vs trusting Rekor)
Again, something to be changed in v2, separately out the timestamping portion from rekor.
Originally posted by @haydentherapper in #23 (comment)
The text was updated successfully, but these errors were encountered: