docs(adr): sanction Rekor transparency-log reads for signature continuity (amend 0015 + 0020)#134
Merged
…uity (amend 0015 + 0020)

Records the operator-accepted egress carve-out: the engine may read the public Rekor transparency log to (a) verify signature inclusion (already implicit in keyless cosign verify), (b) bootstrap a repo's signing baseline from the public history — the fix for ADR-0020's TOFU cold-start weakness — and (c) detect registry↔log divergence (tampering).

Honest about the tension: ADR-0015 rejected per-CVE lookups because they leak the cluster's vulnerability profile; a Rekor query keyed on an image digest has the same shape (it leaks which images run), but the leaked datum is image identifiers (already public) not the vuln profile, and the security graph/evidence still never leave. A self-hosted Rekor mirror restores full zero-egress (inventory still works offline).

- 0020 §4: the transparency-log element (inclusion + history bootstrap + divergence); cold-start consequence amended to note Rekor narrows it.
- 0015: amendment section + relates-to + README status note.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VtjoJttCvBY4dzCoE4f9vP
Records the operator-accepted egress carve-out for ADR-0020 signature continuity.
The engine may read the public Rekor transparency log to: verify signature inclusion (already implicit in keyless cosign verify), bootstrap a repo's signing baseline from the public history (the fix for TOFU cold-start), and detect registry↔log divergence (tampering).
Honest about the tension with ADR-0015's zero-egress posture: that ADR rejected per-CVE lookups because they leak the cluster's vulnerability profile; a Rekor query keyed on an image digest has the same shape (leaks which images run) — but the leaked datum is image identifiers (already public from public registries), not the vuln profile, and the security graph/evidence still never leave. A self-hosted Rekor mirror restores full zero-egress (signature inventory still works offline; only the public history/divergence go dark).
Implemented by the new Linear ticket (Rekor bootstrap + divergence), blocked by JEF-261.
🤖 Generated with Claude Code
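The two log-read operations the PR sanctions beyond plain inclusion, bootstrapping a signing baseline from the public history and detecting registry↔log divergence, as an added example in Python. This is not the engine's code and not from the ADRs; it assumes Rekor `hashedrekord` entries in the shape returned by `GET /api/v1/log/entries/{uuid}` (a base64 JSON body with `spec.data.hash.value`, `spec.signature.content` and `spec.signature.publicKey.content`, plus `logIndex` and `integratedTime`), identifies a signer by the sha256 of the PEM block stored in the entry, and treats the registry side as the `(signature, public key)` pairs read from the OCI signature tag. The `fetch_entries_by_hash` endpoint shapes (`POST /api/v1/index/retrieve`, then `GET` per UUID) are an assumption about the Rekor HTTP API and are not exercised offline. One caveat a practitioner will hit: cosign's `hashedrekord` entries record the hash of the signed payload, not necessarily the image manifest digest, so pass the hash the signature actually covers. The sample entries, PEM placeholders and signatures at the bottom are constructed.

```python
"""Signing-baseline bootstrap and registry/log divergence check over Rekor entries.
Added example, not the engine's code. Entry shape follows GET /api/v1/log/entries/{uuid}
(hashedrekord); the sample at the bottom is constructed, not real log data."""
import base64
import hashlib
import json
import urllib.request
from dataclasses import dataclass

@dataclass(frozen=True)
class LogEntry:
    uuid: str
    log_index: int
    integrated_time: int
    artifact_sha256: str   # digest the entry attests to
    signature_b64: str     # signature bytes, base64 as stored in the entry
    signer: str            # sha256 fingerprint of the PEM key/cert stored in the entry

def signer_fingerprint(public_key_b64: str) -> str:
    """Signer identity = sha256 over the PEM block Rekor stores with the entry."""
    return hashlib.sha256(base64.b64decode(public_key_b64)).hexdigest()

def parse_entries(raw: dict) -> list:
    """Decode entry bodies, keep hashedrekord only, order by log index (the history)."""
    out = []
    for uuid, entry in raw.items():
        body = json.loads(base64.b64decode(entry["body"]))
        if body.get("kind") != "hashedrekord":
            continue
        spec = body["spec"]
        out.append(LogEntry(uuid, int(entry["logIndex"]), int(entry["integratedTime"]),
                            spec["data"]["hash"]["value"], spec["signature"]["content"],
                            signer_fingerprint(spec["signature"]["publicKey"]["content"])))
    return sorted(out, key=lambda e: e.log_index)

def bootstrap_baseline(entries: list, sha256_hex: str) -> dict:
    """Replace TOFU with public history: every signer the log already holds for this
    digest, mapped to the (logIndex, integratedTime) at which it was first seen."""
    baseline = {}
    for e in entries:
        if e.artifact_sha256 == sha256_hex:   # index lookups may return other artifacts
            baseline.setdefault(e.signer, (e.log_index, e.integrated_time))
    return baseline

def check_divergence(registry_sigs: list, entries: list, sha256_hex: str) -> dict:
    """registry_sigs: (signature_b64, public_key_b64) pairs from the OCI signature tag.
    Registry-only pairs were never logged (unlogged or forged); log-only pairs were
    stripped from the registry. Either direction is registry<->log divergence."""
    in_log = {(e.signer, e.signature_b64) for e in entries if e.artifact_sha256 == sha256_hex}
    in_registry = {(signer_fingerprint(pk), sig) for sig, pk in registry_sigs}
    return {"missing_from_log": sorted(in_registry - in_log),
            "missing_from_registry": sorted(in_log - in_registry),
            "consistent": in_registry == in_log}

def fetch_entries_by_hash(rekor_url: str, sha256_hex: str, opener=urllib.request.urlopen) -> dict:
    """Digest-keyed lookup: POST /api/v1/index/retrieve, then GET each entry. Endpoint
    shapes are an assumption about the Rekor API; the only datum sent is the digest.
    Point rekor_url at a self-hosted mirror to keep even that inside the boundary."""
    req = urllib.request.Request(f"{rekor_url}/api/v1/index/retrieve", method="POST",
                                 data=json.dumps({"hash": f"sha256:{sha256_hex}"}).encode(),
                                 headers={"Content-Type": "application/json"})
    with opener(req) as resp:
        uuids = json.load(resp)
    raw = {}
    for u in uuids:
        with opener(urllib.request.Request(f"{rekor_url}/api/v1/log/entries/{u}")) as resp:
            raw.update(json.load(resp))
    return raw

# Constructed sample standing in for a live response (placeholder PEM, fake signatures).
def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()

def _hashedrekord(idx: int, t: int, digest: str, sig_b64: str, key_b64: str) -> dict:
    body = {"apiVersion": "0.0.1", "kind": "hashedrekord", "spec": {
        "data": {"hash": {"algorithm": "sha256", "value": digest}},
        "signature": {"content": sig_b64, "publicKey": {"content": key_b64}}}}
    return {"body": _b64(json.dumps(body)), "logIndex": idx, "integratedTime": t}

DIGEST = "ab" * 32    # digest under check
OTHER = "cd" * 32     # unrelated artifact that a hash index could also surface
KEY_A, KEY_B, KEY_C = (_b64(f"-----BEGIN PUBLIC KEY-----\nkey-{k}\n-----END PUBLIC KEY-----\n")
                       for k in "ABC")
SAMPLE_ENTRIES = {
    "e1": _hashedrekord(100, 1700000000, DIGEST, "c2lnMQ==", KEY_A),   # b64("sig1")
    "e2": _hashedrekord(250, 1700005000, DIGEST, "c2lnMg==", KEY_B),   # b64("sig2")
    "e3": _hashedrekord(260, 1700006000, OTHER, "c2lnMw==", KEY_A),    # b64("sig3")
    "e4": {"body": _b64(json.dumps({"apiVersion": "0.0.1", "kind": "intoto", "spec": {}})),
           "logIndex": 270, "integratedTime": 1700007000},
}

if __name__ == "__main__":
    ents = parse_entries(SAMPLE_ENTRIES)
    print("baseline:", bootstrap_baseline(ents, DIGEST))
    # Registry carries only key A's signature: key B's logged one is missing from it.
    print("divergence:", check_divergence([("c2lnMQ==", KEY_A)], ents, DIGEST))
```

The baseline is keyed on signer identity rather than on individual signatures so that a re-sign by an already-known key does not look like a new signer, while first-seen log index and time give the engine something to reason about ordering with (a signer that appears only after the registry copy was written is the interesting case). `check_divergence` is deliberately symmetric: an extra signature in the registry that the log never saw is at least as suspicious as a logged one that has gone missing from the registry. In the egress posture the PR describes, the request body in `fetch_entries_by_hash` is the entire leak surface, and swapping `rekor_url` for a mirror is the only change needed to close it.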