Check validity of applicable TP and TS before fetching signatures from registry. #790
Description
Context: #771 (comment)
Currently signature verification process in Notation, involves fetching the signature and subsequently validating the trust store's vakidity. However, this method has the following concerns:
- The error messages provided to users in case of verification failure are not very user-friendly. (Refer to the link above for examples)
- If either the Trust Store (TS) or Trust Policy (TP) is malformed, signature validation will always fail. This renders the fetching and validation of signatures unnecessary. Essentially, we're advocating for fast fail.
Ambiguous Specification
Presently, there exists specifications that introduces a conflicting requirement. In one instance, we state that before commencing signature verification, both the TS and TP should be valid, while in other, this is not explicitly emphasized.
- https://github.com/notaryproject/specifications/blob/v1.0.0/specs/trust-store-trust-policy.md#signature-verification
- https://github.com/notaryproject/specifications/blob/v1.0.0/specs/signing-and-verification-workflow.md#verification-prerequisites
Recommended Solution
- Amend the specification to state: "User has configured a valid trust store and trust policy."
- Make a code change to validate the relevant TS and TP before obtaining the signature. Here, 'relevant' refers to the TP and TS identified for a specific scope.