Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,10 @@ See [SECURITY.md](SECURITY.md) for the full advisory.
lifecycle status and `registry_revision`.
- [`KNOWN_KEYS.json`](KNOWN_KEYS.json) is a deprecated compatibility archive. It is intentionally
not a flat map and cannot honestly authorize the compromised key.
- The service compatibility endpoint `/.well-known/keys` is required to become active-key-only as
part of the corresponding service deployment. Historical key bytes belong in the lifecycle
registry. Verify the live endpoint after deployment; this source PR does not deploy it.
- The production service compatibility endpoint `/.well-known/keys` is active-key-only following
the 2026-07-11 service cutover. The former key is absent from active discovery and is retained
only in the lifecycle registry with `compromised` status. This repository records verifier
source; that completed service cutover does not mean the target package versions are published.

The current-domain registry is an operational disclosure, not an independent trust root. A
security-sensitive verifier should pin a reviewed registry out of band, authenticate updates, and
Expand Down
20 changes: 12 additions & 8 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@

## Advisory DFF-2026-07-11-01 — signer lifecycle bypass

Status: source fixes prepared; package publication and service rollout are separate release gates.
Status: production service cutover completed 2026-07-11; hardened source merged; package
publication remains a separate, incomplete release gate.

Earlier Python, JavaScript, and Rust verifiers could treat successful Ed25519 mathematics against a
flat key map as an overall accepted result. Flat key bytes contain no lifecycle status. After a key
Expand Down Expand Up @@ -59,21 +60,24 @@ The C# sample is not a reference verifier. It lacks conformance-tested canonical
and anti-rollback logic. Its network response is explicitly unverified; compatibility methods that
could return an actionable verdict throw `NotSupportedException`.

### Package and deployment completion criteria
### Service cutover and package-release criteria

Do not call the rotation clean until all of the following are recorded:
The production service cutover is complete: `/.well-known/keys` exposes only the active key, while
the lifecycle registry retains the former public key with `compromised` status. Live endpoints,
logs, and rollback were verified as part of that deployment. Those service facts do not publish or
attest to any package-registry artifact.

Do not call the verifier **package** rotation complete until all of the following are recorded:

1. the reviewed source commit and passing CI;
2. package builds from that exact commit;
3. registry publication through normal release controls;
4. clean-environment installation and compromised-key rejection tests for every package;
5. artifact hashes and source provenance;
6. service deployment where `/.well-known/keys` exposes only the active key and the lifecycle
registry retains historical keys with status;
7. live endpoint, logs, and rollback verification;
8. advisory update naming the released versions and completion time.
6. advisory update naming the released versions and completion time.

This repository does not publish packages or deploy the service merely by merging a source PR.
Merging source in this repository does not publish packages. The target versions above remain
unreleased until their registry publications and clean-install checks are recorded.

## Reporting a vulnerability

Expand Down
Loading