Inconsistent Signing Workflow
There is a conflict in the signing workflow.
- signing-and-verification-workflow.md verifies the certificate chain before signing (steps 1.i and 1.iii).
- specs/plugin-extensibility.md verifies the certificate chain after signing (steps 5.i.c and 5.i.d.c).
I think signing-and-verification-workflow.md was written with local signing in mind and specs/plugin-extensibility.md was written for remote signing. Since we don't have access to the chain before we generate the digital signature in the case of remote signing, we need to verify the chain after signing.