On Thu, Jan 30, 2025 at 10:22:51AM +0100, Simon Josefsson wrote:
Linus Nordberg via Sigsum-general <sigsum-general@lists.sigsum.org> writes:
I think that Sigsum services need at least the following attributes, each of them unique to an instance:
- an identity, typically a hash of a signing key
- an internet address, typically a URL
- a name useful for humans
Would it make sense to encourage a naming scheme that includes the key?
I'm thinking a Sigsum policy file like this:
log https://stable-2024-seasalp-0ec7e16843119b120377a73913ac6acbc2d03d82432e2c36...
witness https://witness-stable-2024-stockholm-28c92a5a3a054d317c86fc2eeb6a7ab2054d62...
Use base32 to compress the key part if size is a factor.
It makes sense, yes. What you're describing is pretty much a "vkey":
witness.example.org/fooname+33f20420+AR...qC
Which most notably includes a name and the key in base64.
https://git.glasklar.is/sigsum/project/documentation/-/blob/main/proposals/2...
There's some momentum on using this format for, e.g., witness keys; and I suspect that our trust policy format will eventually use it instead of
witness <NAME> <HEX-KEY>
lines for specifying witnesses. So basically:
witness witness.example.org/fooname+33f20420+AR...qC
This is by the way my bias towards not specifying "witness" in the name, because I think it is mostly evident from the context where it's used.
That said, I'd be +1 for overly clear names since I don't have a good argument for why the context will always be "clear from the context".
-Rasmus
/Simon
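
Added example, not part of the thread or of Sigsum's code: a parser for the `name+keyid+base64` vkey shape discussed above, which rejects a vkey whose short key id does not match its name and key. It assumes the encoding of Go's `golang.org/x/mod/sumdb/note` verifier keys (key id = first 4 bytes of SHA-256 over name, newline and key data; key data = algorithm byte 0x01 plus a 32-byte Ed25519 key). `make_vkey`, `parse_witness_line` and the sample key are constructed for illustration.

```python
import base64
import hashlib

ALG_ED25519 = 0x01  # assumption: Ed25519 algorithm byte as in the Go note format


def key_id(name: str, keydata: bytes) -> str:
    """First 4 bytes of SHA-256(name || "\\n" || keydata) as 8 hex digits."""
    return hashlib.sha256(name.encode() + b"\n" + keydata).digest()[:4].hex()


def make_vkey(name: str, pubkey: bytes) -> str:
    """Build a vkey string from a name and a raw 32-byte public key."""
    keydata = bytes([ALG_ED25519]) + pubkey
    return f"{name}+{key_id(name, keydata)}+{base64.b64encode(keydata).decode()}"


def parse_vkey(vkey: str):
    """Return (name, 32-byte public key); raise ValueError on any mismatch."""
    # Split on the first two '+' only: standard base64 may itself contain '+'.
    parts = vkey.split("+", 2)
    if len(parts) != 3:
        raise ValueError("expected <name>+<key id>+<base64 key>")
    name, kid, b64 = parts
    if not name or any(c.isspace() for c in name):
        raise ValueError("invalid name")
    keydata = base64.b64decode(b64, validate=True)  # bad input raises ValueError
    if len(keydata) != 33 or keydata[0] != ALG_ED25519:
        raise ValueError("not an Ed25519 key")
    # The 32-bit id is only a hint tying the name to the key; the trust
    # decision must rest on the full public key returned below.
    if len(kid) != 8 or kid.lower() != key_id(name, keydata):
        raise ValueError("key id does not match name and key")
    return name, keydata[1:]


def parse_witness_line(line: str):
    """Parse a 'witness <vkey>' policy line as sketched in the thread."""
    fields = line.split()
    if len(fields) != 2 or fields[0] != "witness":
        raise ValueError("not a witness line")
    return parse_vkey(fields[1])


# Constructed sample key, not a real witness key.
SAMPLE_PUB = bytes(range(32))
SAMPLE_VKEY = make_vkey("witness.example.org/fooname", SAMPLE_PUB)
```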