All notable changes to protobuf-specs
will be documented in this file.
The format is based on Keep a Changelog.
All versions prior to 0.2.0 are untracked.
- Allowed specifying artifact digest for verification (#406
- Added version to
SigningConfig
message (#383
- Docs: Clarify that integration time is only trustworthy with a Signed Entry Timestamp (#442
- Docs: Clarify inclusion promise requirement (#380
- Docs: Clarify that artifact digest verification should not be used with in-toto attestations (#461
- Added
TransparencyLogInstance.checkpoint_key_id
as an optional key identifier for logs that generate checkpoints (#284)
- Docs: Clarified DSSE envelope signature cardinality (#318)
- Docs: Clarifier behavior of key identifiers (#284)
- Added client configuration message for signing (#277)
- Added a new format for the media type that is compatible with OCI registries (#279)
- Added events.proto for Ruby package (#264)
- Targeted Node16 for Typescript package (#230)
- Docs: Clarified trust anchor in chain (#245
- Options for more generic observer time (#179)
- BREAKING:
VerificationMaterials.contents
now has an additionalcertificate
variant, which is preferred in0.3
bundles with the Sigstore PGI (#191) - Added algorithm registry documentation and updated
PublicKeyDetails
message (#194, #212)- Deterministic ECDSA is deprecated
- NIST-P384 and NIST-P521 curves added
- Existing (and underspecified) RSA key types are deprecated. New RSA keytypes are defined that specifies size of public modulus and hash algorithm. RSA now only supports PKCS#1 signature scheme, and PKIX (SubjectPublicKeyInfo) encoding.
- Experimental support for LMS key types.
- Deprecated support for detached SCTs (#188)
- Docs: Clarified rotation of verification materials in the trust root (#210
- CloudEvents proto for Rekor pub/sub messages (#86)
- Generate jsonschema (#112)
- Rust bindings for jsonschema (#118)
- Dependabot to update dependencies (#99)
There were no changes in this release.
- Docs: Fixed spelling error (#97)
- Docs: Clarified log index vs global log index (#101)
- Docs: Clarified purpose of SET as a signed timestamp (#100)
- Docs: Clarify message digest purpose (#114)
There were no removals in this release.
- Rust bindings have been added (#88)
-
TransparencyLogEntry.inclusion_proof
is now marked as required (was previously optional), whileTransparencyLogEntry.inclusion_promise
is now marked as optional (was previously required) (#84) -
More Rekor messages and message fields have been marked as required (#79)
-
Ruby bindings: class names have been updated and now live in the
Sigstore::
namespace (#87)
-
Docs: Clarify that
TransparencyLogEntry.canonicalized_body
is optional (#74) -
Docs: Clarify that key IDs are digests over SPKI encodings (#73)
-
Docs: Clarify that bundled certificate chains must not contain root or intermediate certificates that should be trused out-of-band (#77)
-
Docs: Clarify
TimeRange
validity periods (#78)
There were no removals in this release.