docs: align revocation auditability status across README and SPEC#50
Merged
docs: align revocation auditability status across README and SPEC#50
Conversation
Both docs said the revoc-artifact-hash-in-checkpoint mechanism was 'not yet
implemented' or 'deferred to v2'. In fact it shipped in feat/revoc-auditability:
Go, TypeScript, and Rust issuers already emit revoc:<hex(SHA-256(artifact))>
as the 4th extension line of every checkpoint body, covered by the issuer
signature and all witness cosignatures.
The accurate current state is partial implementation:
DONE: Go/TS/Rust issuers commit the revoc hash in checkpoint bodies
DONE: Go verifier parses the revoc: line (currently ignored)
DONE: Rust verifier extracts the revoc hash (currently ignored)
NOT YET: Java issuer does not emit the revoc: extension line
NOT YET: No verifier cross-checks the committed hash against the
fetched artifact bytes
SPEC.md §Revocation — Auditability: replaced 'deferred to a future version'
with an accurate account of what is done, what remains, and what the
end-to-end auditable chain looks like once both remaining steps are complete.
README Known Limitations: updated from 'not yet implemented' to 'partially
implemented', listing the two remaining steps (Java issuer, verifier enforcement).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Both docs claimed the revoc-artifact-hash-in-checkpoint mechanism was 'not yet implemented' or 'deferred to v2'. It shipped in
feat/revoc-auditability: Go, TypeScript, and Rust issuers already emitrevoc:<hex(SHA-256(artifact))>as the 4th checkpoint body extension line, covered by the issuer signature and all witness cosignatures.Actual current state:
revoc:line (not yet enforced)revoc:extension lineSPEC.md §Revocation — Auditability: replaced 'deferred to a future version' with the accurate implementation status and the two remaining steps to complete end-to-end enforcement.
README Known Limitations: updated from 'not yet implemented' to 'partially implemented'.