docs: add VSA verification security model documentation #316
+153
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add comprehensive documentation explaining the security model for Verification Summary Attestations (VSAs), focusing on policy binding and why verification commands intentionally do not allow policy override. The new VERIFICATION.md document covers: - Policy binding principle (VSAs are bound to specific policies) - Creation vs verification trust models - Security anti-patterns (policy substitution attacks) - Consumer verification guidelines - Policy evolution and migration strategies Also updates DESIGN.md and README.md to reference the new documentation. Assisted-by: Claude Code Signed-off-by: Ralph Bean <[email protected]>
TomHennen
requested changes
Oct 11, 2025
There was a problem hiding this comment.
Hey, thanks for taking an interest in this project.
The suggested change doesn't match the official model for how VSAs are verified though.
Notably, users are not expected to check policy.uri, and are instead expected to check resourceUri.
You can see some of the details here and also this discussion.
This doc also has a draft threat model that we haven't had time to formalize. You can get access if you join https://groups.google.com/g/slsa-discussion, you can also just request access and I'll grant it.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
I got confused when trying to figure out why
verifycommitdidn't have a --use_local_policy option while checktag, level, and leveprov did. Here, trying to expand documentation on the security model to explain that.New Documentation:
docs/VERIFICATION.mdThis document explains:
verifycommitwould enable policy substitution attacksWhy This Matters
Currently, the tool's security model is implicit in the code design:
checktag,checklevel,checklevelprov) have--use_local_policyverifycommit) intentionally lacks this flagThis PR documents the security reasoning behind this design, making it clear that:
Changes
docs/VERIFICATION.md- Comprehensive verification security model documentationdocs/DESIGN.md- Added reference to verification security model in VSA sectionREADME.md- Added link to verification documentationRelated Issues
Generated with assistance from Claude Code