The Sigstore Trust Model

Trust root

Sigstore Without Big Tech!

Sigstore vs PGP

Sigstore Tradeoffs

  • Centralized infrastructure is not ideal, but Transparency can mitigate many of the problems.
  • Over long periods of time, humans are bad at key management but great at protecting email accounts.

Transparency and Centralized Infrastructure

Summary

--

--

--

Founder/CEO at Chainguard

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

I scanned the whole country of Israel for git exposed repositories

Phishing got easier with Socialphish

What is ad fraud?

iBG Finance

Chrome Settings: How To Make Your Browser As P

Think Two-Factor Authentication Isn't for You? Think Again.

Anonymity and Abuse Reports

WordPress Security Plugins Which You Should Know In 2021

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dan Lorenc

Dan Lorenc

Founder/CEO at Chainguard

More from Medium

Sigstore: Bring-your-own sTUF with TUF

Kyverno- Policy Engine for Kubernetes (Part 2)

Deploy Scalable Tezos Nodes in the Cloud

Zero trust networking in Kubernetes