Mirror DSSE Revision Contract

Module

AirGap

Status

PARTIALLY_IMPLEMENTED

Description

Defines the DSSE signing contract revision for mirror bundles, specifying envelope format, digest algorithm choices, and manifest inclusion rules for air-gapped import verification. Implementation is coordination-level (docs + scripts).

What's Implemented

DSSE envelope signing/verification infrastructure: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/DsseEnvelope.cs, DsseSignature.cs
DSSE verification step: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/DsseSignatureVerificationStep.cs
Importer DSSE parsing: src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs
Bundle library with manifest support: src/AirGap/__Libraries/StellaOps.AirGap.Bundle/
SPDX3 DSSE signing: src/Attestor/__Libraries/StellaOps.Attestor.Spdx3/DsseSpdx3Signer.*.cs
Source: SPRINT_0150_0001_0001_mirror_dsse.md

What's Missing

The mirror-specific DSSE revision contract (specifying envelope format, digest algorithm choices, manifest inclusion rules for mirror bundles specifically) may need formalization as a versioned contract document
Mirror-specific DSSE tests are referenced in TASKS.md files but may not be complete

Implementation Plan

Formalize mirror DSSE contract as versioned specification
Add mirror-specific DSSE validation tests
Verify digest algorithm choices are consistent across mirror pipeline

Source: SPRINT_0150_0001_0001_mirror_dsse.md

1.5 KiB Raw Permalink Blame History