Skip to content

PGI spec: add supported algorithms section #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

PGI spec: add supported algorithms section #47

wants to merge 5 commits into from

Conversation

woodruffw
Copy link
Member

WIP; flagging some questions/discussion topics below 🙂

This is my attempt to make progress on the question of "what algorithms should a client support/need to support to interoperate with the public good instance?"

xrefs:

@woodruffw woodruffw self-assigned this Apr 14, 2025
woodruffw
woodruffw commented Apr 14, 2025
View reviewed changes
haydentherapper
haydentherapper reviewed Apr 15, 2025
View reviewed changes
@woodruffw
add TSA section
c2980eb 
Signed-off-by: William Woodruff <[email protected]>
@woodruffw
attempt to better document algorithm purposes
9be1517 
Signed-off-by: William Woodruff <[email protected]>
@woodruffw
update algorithms
aa54728 
Signed-off-by: William Woodruff <[email protected]>
@woodruffw
clarify Rekor versions
e4ffb6b 
Signed-off-by: William Woodruff <[email protected]>
woodruffw
woodruffw commented Apr 15, 2025
View reviewed changes
algorithm-registry.md
Comment on lines +18 to +26
| Symbol | Description | Example |
|--------|-------------| ------- |
| 🔑 | End-user signing (ephemeral or long-lived keys) | A user signing with [`cosign`] |
| 🔗 | TUF metadata signing | [sigstore/root-signing] |
| 🔏 | Certificate authority materials (CA chains) | [Fulcio] |
| 🪵 | Certificate transparency log materials (log keys and inclusion proofs) | Fulcio's [CT log] |
| ⏰ | Timestamp authority materials (TSA chains and signed timestamps) | [sigstore/timestamp-authority] |
| 📝 | Signature transparency log materials (log keys and inclusion proofs) | [Rekor] |
| 👀 | Witness keys and signatures | Third-party log witnesses |
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Flagging: I added this legend to make the table below easier to follow, but I could also see it possibly making things more confusing (or too messy with the emojis); curious what others think!

@kommendorkapten
Copy link
Member

The changes looks good, thanks for doing this @woodruffw

One question I have

  • For client interoperability, I understand this as ecdsa-sha2-256-nistp256 is the only algorithm now that's guaranteed for work for all clients? We have talked about having ecdsa-sha2-384-nistp384 and ecdsa-sha2-512-nistp521 as required algorithms too (and Ed25519 for Rekor V2). Will this be added later or did I misunderstand something? If we start with only one algorithm as required to reflect the current state, then give clients time to upgrade, that's fine. I'm asking as if we should cut a new release of the Sigstore bundle that looks down the required set of algorithms, listing P384 and P521 is preferable.

@haydentherapper
Copy link

I wonder if we need another section before that summarizes the intersection of all required algorithms across the services, which would be ecdsa-sha2-256-nistp256, ecdsa-sha2-384-nistp384, and ed25519.

@woodruffw
Copy link
Member Author

@kommendorkapten

  • For client interoperability, I understand this as ecdsa-sha2-256-nistp256 is the only algorithm now that's guaranteed for work for all clients?

Yeah, I think positively speaking ecdsa-sha2-256-nistp256 is the only algorithm that's guaranteed to consistently work for all clients. ecdsa-sha2-256-nistp384 (i.e. one of the weird pairings) also typically works for all clients, since it's currently tested via the conformance suite (although of course we'll want to hard-forbid that with the next bundle version).

Normatively speaking IMO ecdsa-sha2-256-nistp256, ecdsa-sha2-384-nistp384, ecdsa-sha2-512-nistp521, and ed25519 should all be required in conforming clients. I just didn't include that since it isn't the status quo 🙂

TL;DR: I think what we should do here is:

  1. Land a positive description of what currently works and is required
  2. Lock down v4 bundles with the normative description of what's required/forbidden, and then update here

How does that sound?

@haydentherapper

I wonder if we need another section before that summarizes the intersection of all required algorithms across the services, which would be ecdsa-sha2-256-nistp256, ecdsa-sha2-384-nistp384, and ed25519.

I can add that! Are you thinking that makes sense in the PGI doc?

@haydentherapper
Copy link

I can add that! Are you thinking that makes sense in the PGI doc?

I was thinking we'd add that to this doc. Your second point covers that though, that we'll revisit this with a v4 bundle spec update.

@kommendorkapten
Copy link
Member

How does that sound?

Perfect, that is what I think we should do, as it was what we discussed in sigstore/protobuf-specs#566

Just wanted to make sure we're all aligned 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper left review comments

@steiza steiza Awaiting requested review from steiza

@kommendorkapten kommendorkapten Awaiting requested review from kommendorkapten

At least 1 approving review is required to merge this pull request.

Assignees

@woodruffw woodruffw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@woodruffw @kommendorkapten @haydentherapper @steiza