-
Notifications
You must be signed in to change notification settings - Fork 551
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Chain" for verification is confusingly named #2472
Comments
There are two possible changes here:
This means that it's no longer a 2.0 blocker. Our APIs should also reflect this. |
Something to learn from is how openssl implements this - You pass a set of trusted certificates (typically root certs) and "untrusted" certs used for chain building (typically intermediates). I'd avoid using "untrusted", but splitting up a chain makes sense. It also lets us easily pass sets of roots rather than a single root in a chain. We also chatted about how Sigstore's TUF targets don't differentiate between trusted roots and chain building intermediates. This is something we should address. |
being able to pass a set of roots (a bundle) would be very convenient! If there are no big "conceptual" hurdles / objections etc, I'd volunteer to help this happen. |
could we split the |
See helpful context: #2461 (comment)_
The text was updated successfully, but these errors were encountered: