Skip to content

Handle Sigsum witness with bad clock #33

New issue
New issue
Open
Open
Handle Sigsum witness with bad clock#33
@mchack-work

Description

@mchack-work
mchack-work
opened on Oct 14, 2025

Related to the future Sigsum support, PR #32

When running tkey-sigsum-submit we compare the witnesses timestamps with the lifetime of our submit key. If a witness has a bad clock this will stop the submission process.

Perhaps handle like this:

  • Detect bad witnesses.
  • Remove bad witnesses from proof.
  • Verify again against the policy.
  • Only fail for real if the policy still doesn't verify.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions