Dan Lorenc

560 Followers

Published in sigstore · Jun 29, 2022

An Update on General Availability

This is an update on the plans to make the sigstore community infrastructure Generally Available. sigstore is a bit different from many other open source projects in that we provide a maintained, running instance of the open source components for the public to use for free, with an alert referring…

Cybersecurity

3 min read


Published in sigstore · May 3, 2022

Kubernetes signals massive adoption of Sigstore for protecting open source ecosystem

Kubernetes 1.24 will be the first release officially using Sigstore, enabling seamless verification of signatures to protect against supply chain attacks across the 5.6m developer community.

The Kubernetes and Sigstore communities today are announcing that Kubernetes is adopting Sigstore in production for signing artifacts and verifying signatures, enabling Kubernetes users…

Kubernetes

4 min read


Published in sigstore · Jan 28, 2022

Sigstore ❤ Ruby!

We started the Sigstore project with a goal of making key management, certificates, and digital signatures accessible and easy to use for every developer and language community. It’s incredibly exciting to see our tooling and services used by new ecosystems, so we were thrilled to see the recent RFC from Shopify around improving the signing mechanisms on RubyGems using Sigstore. On behalf of the Sigstore community, we’d like to affirm that we’re here to help with this RFC in any way we can! We’re happy to make changes to Sigstore itself, or to collaborate on whichever new tools, services, or libraries are needed to make this effort successful.

1 min read


Dec 9, 2021

The Sigstore Trust Model

I hope this post can help reduce confusion around exactly how Sigstore’s trust model works, and how trust flows from the community root down to each short-lived certificate. For more background, read A Deep Dive on Fulcio, It’s Ten O’Clock, Do You Know Where Your Private Keys Are?, …

Kubernetes

6 min read


Nov 8, 2021

Notary V2 and Cosign

This post is to help reduce confusion between the Notary V2/Notation and Cosign projects. This is a common question from end users that I tried to avoid answering directly for a while. Now that Notation has released an alpha, I think it’s time to publish an evaluation of the differences. …

Security

5 min read


Published in sigstore · Oct 29, 2021

Spooky Updates for Sigstore!

October is almost done, so it’s time for another update! The supply chains are clearly haunted, so this one has a spooky theme. The community is still growing quickly, and the fancy new “Contributor Strength” dashboard reflects it!

Kubernetes

3 min read


Oct 2, 2021

Zero Trust Supply Chain Security

This post accompanies a talk I just gave at the 2021 Open Source Summit, called Zero Trust Supply Chain Security. The slides are available here.

Background

Let’s say you’re walking down the sidewalk outside of your office, and you find a USB thumb drive sitting on the ground. I hope everyone…

Security

9 min read


Sep 16, 2021

A Bit of Ambiance comes to Sigstore

Zero-trust security starts with trusting actual entities based on strong identity, not whoever happens to control a secret, or whoever gets behind a firewall. No secrets sounds great in theory! It even sounds a bit magical. How can we authenticate without any secrets? …

Kubernetes

4 min read


Aug 22, 2021

Improving TOFU With Transparency

TOFU is an OK substitute for when you have nothing better, but it’s never the best choice. — Before you get upset, I’m not talking about the coagulated soy-bean excretion often served fried, I’m talking about the Trust-On-First-Use authentication scheme. Just like the food, there are times to reach for TOFU, but too much of it might not be the best for your health. …

Information Security

8 min read


Aug 15, 2021

Signature Formats

Envelopes and Wrappers and Formats, Oh My! — There are a bunch of confusing formats and specifications that describe how to, well, format signatures and related information. This topic is confusing because terminology is hard and each specification tackles things at slightly different levels of abstraction, from slightly different angles. …

Cryptography

15 min read

Founder/CEO at Chainguard
