1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
Source: golang-github-sigstore-timestamp-authority
Section: golang
Priority: optional
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Uploaders:
Simon Josefsson <simon@josefsson.org>,
Rules-Requires-Root: no
Build-Depends:
debhelper-compat (= 13),
dh-sequence-golang,
golang-any,
golang-github-beevik-ntp-dev,
golang-github-digitorus-pkcs7-dev,
golang-github-digitorus-timestamp-dev,
golang-github-go-chi-chi-dev,
golang-github-go-openapi-errors-dev,
golang-github-go-openapi-loads-dev,
golang-github-go-openapi-runtime-dev,
golang-github-go-openapi-spec-dev,
golang-github-go-openapi-strfmt-dev,
golang-github-go-openapi-swag-dev,
golang-github-google-go-cmp-dev,
golang-github-mitchellh-go-homedir-dev,
golang-github-mitchellh-mapstructure-dev,
golang-github-pkg-errors-dev,
golang-github-rs-cors-dev,
golang-github-sigstore-sigstore-dev,
golang-github-spf13-cobra-dev,
golang-github-spf13-pflag-dev,
golang-github-spf13-viper-dev,
golang-github-urfave-negroni-dev,
golang-go.uber-zap-dev,
golang-golang-x-net-dev,
golang-google-cloud-dev,
golang-google-protobuf-dev,
golang-gopkg-yaml.v3-dev,
golang-k8s-sigs-release-utils-dev,
golang-prometheus-client-dev,
Testsuite: autopkgtest-pkg-go
Standards-Version: 4.7.0
Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-sigstore-timestamp-authority
Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-sigstore-timestamp-authority.git
Homepage: https://github.com/sigstore/timestamp-authority
XS-Go-Import-Path: github.com/sigstore/timestamp-authority
Package: golang-github-sigstore-timestamp-authority-dev
Architecture: all
Multi-Arch: foreign
Depends:
golang-github-beevik-ntp-dev,
golang-github-digitorus-pkcs7-dev,
golang-github-digitorus-timestamp-dev,
golang-github-go-chi-chi-dev,
golang-github-go-openapi-errors-dev,
golang-github-go-openapi-loads-dev,
golang-github-go-openapi-runtime-dev,
golang-github-go-openapi-spec-dev,
golang-github-go-openapi-strfmt-dev,
golang-github-go-openapi-swag-dev,
golang-github-google-go-cmp-dev,
golang-github-mitchellh-go-homedir-dev,
golang-github-mitchellh-mapstructure-dev,
golang-github-pkg-errors-dev,
golang-github-rs-cors-dev,
golang-github-sigstore-sigstore-dev,
golang-github-spf13-cobra-dev,
golang-github-spf13-pflag-dev,
golang-github-spf13-viper-dev,
golang-github-urfave-negroni-dev,
golang-go.uber-zap-dev,
golang-golang-x-net-dev,
golang-google-cloud-dev,
golang-google-protobuf-dev,
golang-gopkg-yaml.v3-dev,
golang-k8s-sigs-release-utils-dev,
golang-prometheus-client-dev,
${misc:Depends},
Description: Sigstore RFC3161 Timestamp Authority (Go library)
Sigstore Timestamp Authority
.
A service for issuing RFC 3161 timestamps
(https://datatracker.ietf.org/doc/html/rfc3161).
.
Timestamps conform to the RFC 3628 policy
(https://datatracker.ietf.org/doc/html/rfc3628). The timestamp structure
conforms to the updates in RFC 5816
(https://datatracker.ietf.org/doc/rfc5816).
.
Trusted timestamping
(https://en.wikipedia.org/wiki/Trusted_timestamping) is a process that
has been around for some time. It provides a timestamp record of when a
document was created or modified.
.
A timestamp authority creates signed timestamps using public key
infrastructure. The operator of the timestamp authority must secure the
signing key material to prevent unauthorized timestamp signing.
.
Timestamping within Sigstore
.
Timestamps are a critical component of Rekor
(https://github.com/sigstore/rekor), Sigstore's signature transparency
log. Timestamps are used to verify short-lived certificates. Currently,
the timestamp comes from Rekor's own internal clock, which is not
externally verifiable or immutable. Using signed timestamps issued from
timestamp authorities mitigates the risk of Rekor's clock being
manipulated.
|
