I'm raising this as a potential enhancement/addition to current set of X.509 extensions used by Sigstore when encapsulating GitHub Actions OIDC claims, based on this comment in the pre-RFC discussion for Sigstore's integration into cargo/crates.io.
At the moment, there are two primary OIDC claims from GitHub Actions-issued tokens that get embedded in Fulcio-issued certificates as X.509v3 extensions:
- The SAN itself, which contains the value of
job_workflow_ref from the OIDC token
1.3.6.1.4.1.57264.1.5, which contains the value of the repository claim from the OIDC token (in org/repo "slug" form)
These are sufficient for verification at a point in time, but some threat models may require the assertion that org/repo still refers to the same org and repo. Fortunately, GitHub provides stable numeric identifiers for these, in the form of the repository_id and repository_owner_id claims. These can be used to detect a change in underlying account or repository identity, e.g. in the case an attacker takes over a deleted GitHub account and attempts to release malicious updates with otherwise valid-looking claims.
So, my actual suggestion: we could add two new X.509v3 extensions (and corresponding OIDs):
1.3.6.1.4.1.57264.1.8: GitHub Workflow Repository ID: the stable numeric identifier for the repository the workflow was run under1.3.6.1.4.1.57264.1.9: GitHub Workflow Repository Owner ID: the stable numeric identifier for the user or organization that owns the repository the workflow was run under
cc @asraa, @znewman01, and @haydentherapper for thoughts!
I'm raising this as a potential enhancement/addition to current set of X.509 extensions used by Sigstore when encapsulating GitHub Actions OIDC claims, based on this comment in the pre-RFC discussion for Sigstore's integration into
cargo/crates.io.At the moment, there are two primary OIDC claims from GitHub Actions-issued tokens that get embedded in Fulcio-issued certificates as X.509v3 extensions:
job_workflow_reffrom the OIDC token1.3.6.1.4.1.57264.1.5, which contains the value of therepositoryclaim from the OIDC token (inorg/repo"slug" form)These are sufficient for verification at a point in time, but some threat models may require the assertion that
org/repostill refers to the sameorgandrepo. Fortunately, GitHub provides stable numeric identifiers for these, in the form of therepository_idandrepository_owner_idclaims. These can be used to detect a change in underlying account or repository identity, e.g. in the case an attacker takes over a deleted GitHub account and attempts to release malicious updates with otherwise valid-looking claims.So, my actual suggestion: we could add two new X.509v3 extensions (and corresponding OIDs):
1.3.6.1.4.1.57264.1.8: GitHub Workflow Repository ID: the stable numeric identifier for the repository the workflow was run under1.3.6.1.4.1.57264.1.9: GitHub Workflow Repository Owner ID: the stable numeric identifier for the user or organization that owns the repository the workflow was run undercc @asraa, @znewman01, and @haydentherapper for thoughts!