Open
Description
The main roadmap for PEP 740 is in #15871; this tracks related items that aren't blockers, but need to be thought about more and/or addressed in the medium-to-long term.
- Support for other attestation types. Right now the "PyPI Publish" and SLSA types are supported, although the SLSA type is currently gated off since nothing is uploading it yet. The latter should be enabled. Assignee: @facutuesca
- Extract and present X.509 extensions within the attestation's certificate (along with the other useful stuff at the X.509 layer) Assignee: @DarkaMaul
- Evaluate additional forms of domain separation in the attestation body. Right now there's a scenario in which a single workflow identity can sign publish attestations for both PyPI and TestPyPI, and those two attestations are indistinguishable (since a publish attestation doesn't currently encode its intended "recipient" index). This leaves open a subset of index poisoning attacks, where an attacker manages to obtain attestations intended for TestPyPI and gets PyPI to serve them instead. @alex and I originally discussed this ~2 years ago and the original approach within Fulcio itself didn't pan out, so it needs to be tackled within the attestation body itself.
  - The solution to this is to encode a domain separator in the attestation payload, which could be as simple as the current OIDC audiences for PyPI and TestPyPI (`pypi` and `testpypi` respectively). We have a strong source of timeliness in the form of signed time, so we could add these and then require them in new attestations after a period of adoption.
- Enable attestation support for other Trusted Publisher providers, e.g. Google Cloud and ActiveState. This should be straightforward, just needs tests.
- Support email identity-based attestations? This should be straightforward with PyPI's already verified emails.