Support verifying attestations without a log entry

[cj-jani-muuriaisniemi]

Both verify_dsse and verify_artifact API's currently require a transparency log entry to be present. However, attestations generated from workflows in internal GitHub repositories lack this log entry, by design.

It would be very useful to be able to verify such attestations using sigstore-python, with the understanding of the guarantees that are void when a log entry is not present. This could be made in such a way, that the caller of these API's (or alternative API's) would explicitly need to turn off the log entry validation.

[woodruffw]

Both verify_dsse and verify_artifact API's currently require a transparency log entry to be present. However, attestations generated from workflows in internal GitHub repositories lack this log entry, by design.

Could you share an example of one of these? I might be missing something here, but a Sigstore bundle without a transparency log entry is (I believe) definitionally invalid.

(I'm currently pretty wary of exposing a knob where we allow users to selectively disable aspects of Sigstore's verification procedure, since that puts this library in a PGP-like situation of being unable to clearly articulate what properties are asserted when verification succeeds.)

[woodruffw]

CC @haydentherapper for thoughts on the above as well 🙂 -- I realized that I'm asserting something about the bundle format (i.e. that bundles require a log entry), but I don't actually have a citation for that.

[haydentherapper]

inclusion_proof is a required field in the bundle currently, but that's correct that GitHub for private repos does not record attestations to a transparency log. We could relax this constraint and add some text like what we have for certificates that the public deployment will always have a proof but a private deployment may not.

The challenge is how to expose this verification option to users. A client should not conditionally verify a proof whether or not one is present, as a malicious artifact would just omit a proof in a bundle. For Cosign, we have private-infrastructure and insecure-ignore-tlog flags (they're an alias for one another).

I believe how verification is implemented in GitHub's CLI is that they condition whether or not a proof is required based on if the repo is private or a part of an enterprise deployment.

[cj-jani-muuriaisniemi]

I believe how verification is implemented in GitHub's CLI is that they condition whether or not a proof is required based on if the repo is private or a part of an enterprise deployment.

That is correct. When using the GH cli to verify an attestation from an internal repository, it just validates - no extra knobs or switches are needed. This of course does not mean that the sigstore implementation needs to be as simple as that - and an API flag would be perfectly ok so that you need to explicitly disable the check.

If you don't have access to generate a test attestation from an internal enterprise repository, I am happy to do so from a test org/repo that we have.