/? "Certificate Transparency" Blockchain https://scholar.google.com/scholar?q=%22Certificate+Transpar... https://scholar.google.com/scholar_alerts?view_op=list_alert...

- Some of these depend upon a private QKD [fiber,] line

- NIST PQ algos are only just now announced: https://news.ycombinator.com/item?id=32281357 : Kyber, NTRU, {FIPS-140-3}?

/? Ctrl-F "Certificate Transparency" https://westurner.github.io/hnlog/ :

"Google's Certificate Transparency Search page to be discontinued May 15th, 2022" https://news.ycombinator.com/item?id=30781698

- LetsEncrypt Oak is also powered by Google/trillian, which is a trustful centralized database

- e.g. Graph token (GRT) supports Indexing (search) and Curation of datasets

> And what about indexing and search queries at volume, again without replication?

My understanding is that the s Sigstore folks are now more open to the idea of a trustless DLT? "W3C Verifiable Credentials" is a future-proof standardized way to sign RDF (JSON-LD,) documents with DIDs.

Verifiable Credentials: https://en.wikipedia.org/wiki/Verifiable_credentials

# Reproducibile Science Publishing workflow procedures with Linked Data:

- Sign the git commits (GPG,)

- Sign the git tags (GPG+Sigstore, ORCID & DOI (-> W3C DIDs), FigShare, Zenodo,)

- Sign the package(s) and/or ScholarlyArticle & their metadata & manifest ( Sigstore, pkg_tool_xyz,CodeMeta RDF/JSON-LD, ),

- Sign the SBOM (CycloneDx, Sigstore,)

- Search for CVEs/vulns & Issues for everything in the SBOM (Dependabot, OSV,)

- Search for trusted package hashes for everything in the SBOM

- Sign the archive/VM/container image (Docker Notary TUF, Sigstore,)

- Archive & Upload & Restore & Verify (and then Upgrade Versions in the) from the dependency specifications, SBOM, and/or archive/VM/container image (VM/container tools, repo2docker (REES),)

- Upgrade Versions and run unit, functional, and integration tests ({pip-tools, pipenv, poetry, mamba}, pytest, CI, Dependabot,))