### Meeting notes 4/8/21

Discussion about https://hackmd.io/9mc_kvXoRc2GmjOnz0_eYA

* Justin - Signature expiry
  * Need not have an additional expiry timestamp
  * There may not be an explicit support period by a publisher
  * Validation should not fail for expiry time
* Niaz - for short-lived keys
  * Signatures are associated with cert expiry
  * TS certs are valid for a longer time, 10 yr
  * Signature allows publisher to indicate that once the signature is expired the publisher wanted it to be considered untrusted
* Justin - Users can attach policies; standard metadata annotation for custom validation rule, can include expiry in it
* Steve - A publisher may not be around for maintaining their software over a long time and may want to indicate an expiry
* Niaz - failure mode can be different, may log instead of fail; is there a standard mechanism?
* Justin - we do not have control over the validation environment, we can't rely on the env
  * Basic validation, and extended rules and validation by customer-defined validation rules
* Sam - Can emit standard error messages
* Niaz - we need to define signature verification and failure modes
* Justin - transparent key rotation can be out of scope
  * Signature allowlist/denylist can be an add-on and may not be required in MVP
  * Feedback from customers did not require it
* Niaz - revocation as optional
  * Key expiry duration can be just a recommendation for customers
* Sravan - allow list and deny list would make the customer experience even better, but don't sound like critical requirements
* Steve - Denylist - Customers will make mistakes, and the content will propagate across their environment. Having a way to "recall" gives them the comfort
* Niaz - Customer may not be able to sign with a timestamp signature in some environments; need to call out the implication of signing without a timestamp signature on validation and key expiry. Key compromise can be problematic when a timestamp signature is not present.
* Justin - Git commits are signed by humans, containers are signed by computers which are ephemeral and keys can be short lived
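The validity questions the notes keep returning to (cert expiry, the effect of a timestamp countersignature, a publisher-declared expiry annotation, and fail-vs-log failure modes) can be modelled in a few lines. This is an added illustration written for these notes, not code from the meeting or from any project discussed; the `Signature` fields, the `publisher.expiry` annotation name and the `expiry_mode` switch are constructed assumptions.

```python
"""Toy model of signature validity as discussed in the notes (constructed
example): certificate validity window, optional timestamp countersignature,
optional publisher-declared expiry annotation, and a configurable failure
mode for that expiry ('fail' or 'log')."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


def ts(s: str) -> datetime:
    """Parse an ISO date/time string as UTC (helper for the example)."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


@dataclass
class Signature:
    cert_not_before: datetime
    cert_not_after: datetime
    # Trusted signing time proven by a timestamp (TS) countersignature, if any.
    timestamp: Optional[datetime] = None
    # Custom metadata, e.g. {"publisher.expiry": "2021-09-01"} (assumed name).
    annotations: Dict[str, str] = field(default_factory=dict)


def validate(sig: Signature, now: datetime,
             expiry_mode: str = "fail") -> Tuple[bool, List[str]]:
    """Return (trusted, messages). expiry_mode is 'fail' or 'log'."""
    msgs: List[str] = []
    # With a timestamp the cert only needs to have been valid at signing time.
    # Without one the cert must be valid *now*: an old-but-honest signature
    # and one made with an expired or compromised key look the same.
    anchor = sig.timestamp if sig.timestamp is not None else now
    if not (sig.cert_not_before <= anchor <= sig.cert_not_after):
        how = "timestamp" if sig.timestamp else "no timestamp, using current time"
        msgs.append(f"certificate not valid at {anchor.isoformat()} ({how})")
        return False, msgs
    # Publisher-declared expiry: a policy-evaluated annotation, not a hard
    # cryptographic bound, so the failure mode is configurable.
    declared = sig.annotations.get("publisher.expiry")
    if declared and now > ts(declared):
        msgs.append(f"publisher-declared expiry {declared} has passed")
        if expiry_mode == "fail":
            return False, msgs
    return True, msgs
```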