Egothor/ZeroEcho
2
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects 1 Releases 2 Wiki Activity

Harden audit and evidence posture for regulated PKI operations #15

New Issue
Open
opened 2026-03-24 18:07:03 +01:00 by galambos · 0 comments
galambos commented 2026-03-24 18:07:03 +01:00
Owner
Copy Link

Move from “ordinary operational audit” toward a stronger evidence model for regulated PKI actions:

  • issuance request intake,
  • approval decisions,
  • signing requests,
  • publication,
  • revocation,
  • status generation.

Why this matters

The target platform is not just a technical PKI library; it is the base for a high-assurance PKI service. That requires stronger evidentiary guarantees and clean linkage between governance decisions and cryptographic outcomes.

Acceptance criteria

  • Define which events are mandatory evidence events.
  • Ensure event chains are sufficient to reconstruct who requested, who approved, who signed, and what was published/revoked.
  • Avoid leakage of sensitive payloads while preserving audit usefulness.
  • Prepare the model for threshold/group approval evidence.
Move from “ordinary operational audit” toward a stronger evidence model for regulated PKI actions: - issuance request intake, - approval decisions, - signing requests, - publication, - revocation, - status generation. ## Why this matters The target platform is not just a technical PKI library; it is the base for a high-assurance PKI service. That requires stronger evidentiary guarantees and clean linkage between governance decisions and cryptographic outcomes. ## Acceptance criteria - Define which events are mandatory evidence events. - Ensure event chains are sufficient to reconstruct who requested, who approved, who signed, and what was published/revoked. - Avoid leakage of sensitive payloads while preserving audit usefulness. - Prepare the model for threshold/group approval evidence.
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project PKI Foundation Hardening and Regulated Operations Roadmap
Assignees
Clear assignees
galambos gitea-ci
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Egothor/ZeroEcho#15
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?