From 95381c70b3c8eafeb90e07fbd4a6fac078959f04 Mon Sep 17 00:00:00 2001 From: Mark Lodato Date: Tue, 15 Jun 2021 10:17:57 -0400 Subject: [PATCH] Allow signature-less envelopes. This supports cases where the consumer is not expected to verify anything, so the producer doesn't need to use a dummy signature. --- envelope.md | 20 +++++++++++++++++--- envelope.proto | 2 +- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/envelope.md b/envelope.md index 0aa12ea..638c9ca 100644 --- a/envelope.md +++ b/envelope.md @@ -52,12 +52,26 @@ envelopes with individual signatures. } ``` +### No signatures + +An envelope MAY have zero signatures to indicate unsigned data. For example, +[SLSA 1](https://github.com/slsa-framework/slsa) does not require authenticated +[in-toto provenance](https://github.com/in-toto/attestation/blob/main/spec/predicates/provenance.md), +in which case an envelope with zero signatures may be useful. + +```json +{ + "payload": "", + "payloadType": "" +} +``` + ### Parsing rules * The following fields are REQUIRED and MUST be set, even if empty: `payload`, - `payloadType`, `signature`, `signature.sig`. -* The following fields are OPTIONAL and MAY be unset: `signature.keyid`. - An unset field MUST be treated the same as set-but-empty. + `payloadType`, `signature.sig`. +* The following fields are OPTIONAL and MAY be unset: `signature`, + `signature.keyid`. An unset field MUST be treated the same as set-but-empty. * Producers, or future versions of the spec, MAY add additional fields. Consumers MUST ignore unrecognized fields. diff --git a/envelope.proto b/envelope.proto index aaebefd..78a6faf 100644 --- a/envelope.proto +++ b/envelope.proto @@ -19,7 +19,7 @@ message Envelope { // le64(n) := 64-bit little-endian encoding of integer `n`, 0 <= n < 2^63 // len(s) := number of octets in byte sequence `s` // utf8(s) := UTF-8 encoding of unicode string `s` - // REQUIRED (length >= 1). + // OPTIONAL. repeated Signature signatures = 3; }
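Review bot: In the envelope.md hunk, the new "No signatures" section says when a producer may omit signatures but not what a consumer that does verify must do with such an envelope. Because the parsing rules keep "An unset field MUST be treated the same as set-but-empty", a missing `signature` and an empty list are now both valid input, so the section should state that a consumer expecting authenticated data MUST treat a zero-signature envelope as unverified and reject it, rather than leaving that to each implementation. The first parsing-rule bullet also still lists `signature.sig` as REQUIRED while `signature` moves to OPTIONAL; suggest wording it as required for each signature that is present.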
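Review bot: In the envelope.proto hunk, replacing `// REQUIRED (length >= 1).` with `// OPTIONAL.` drops the only constraint on `signatures` without documenting what an empty list means. Suggest extending the comment to say that zero signatures denotes unsigned, unauthenticated data and that verifiers must not accept it as verified, so that code written against the proto alone does not pass an empty `repeated Signature signatures` through a loop that only fails on a bad signature.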