Context: Overall we would like to offer a unified CLI / API (as part of https://github.com/google/model-transparency) to sign and verify AI artifacts.

We've received interest to support custom PKIs. IIUC, these come in two flavors:

1. Support for private Fulcio deployment. IIUC, This requires new options like --fulcio-root-pubkey (--fulcio-url is already supported) for signing, and --fulcio-root-pubkey for verification.
2. Support for a non-Fulcio CA that would typically be an existing certificate (for enterprise that already have their own PKI setup). This requires a different flow altogether.

for (2): Given that sigstore-python already contains all the logic for verification, I think we could augment it with a new API that takes in an interface / object to let callers customize the certificate management / chain verification / etc. That would require defining the right interface to abstract the functionality we want. Fulcio / Sigstore would be the default certificate manager. Is this a reasonable approach? Wdut?

@haydentherapper @major-security