Commit
Update client-spec.md
Co-authored-by: Zach Steindler <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>
kommendorkapten and steiza authored Jan 8, 2025
1 parent c5011fd commit 1ea9e4b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion client-spec.md
Expand Up @@ -232,7 +232,7 @@ The Verifier now constructs the payload to be signed from the artifact and the a
* Using the raw bytes of the artifact as the payload.
* Hashing the artifact, then using the resultant digest as the payload.
* Using [DSSE](https://github.com/secure-systems-lab/dsse/blob/master/protocol.md) as an envelope for the payload which MUST be an in-toto statement.
* Verifier MUST ensure that the artifact's digest/alg tuple is present in the list of subject in the in-toto statement.
* Verifier MUST ensure that the artifact's digest/algorithm tuple is present in the list of subjects in the in-toto statement.
* Verifier SHOULD accept the raw artifact and compute the message digest to minimize any risk for confusion attacks.

The Verifier MUST verify the provided signature for the constructed payload against the key in the leaf of the certificate chain.
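
Review bot: the reworded MUST line ("the artifact's digest/algorithm tuple is present in the list of subjects") fixes the wording but still leaves the match rule open. It does not say which hash algorithm the Verifier computes when the subjects list digests under several algorithms, or whether a subject that carries more than one digest counts as a match when only one of them agrees with the artifact. Suggest stating that the comparison is on the exact (algorithm, digest) pair and that the algorithm has to be one the Verifier accepts, so that implementations agree on when a subject matches. In the unchanged SHOULD line that follows, "any risk for confusion attacks" would read better as "the risk of confusion attacks", and since that line only recommends computing the digest from the raw artifact, it is worth saying whether the MUST check may rely on a caller-supplied digest at all.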