Verified Commit 0533544d authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files

Link to @shibumi blog post about "ephemeral certificates"

parent c136f961
Pipeline #13092 passed with stage
in 1 minute
...@@ -88,7 +88,7 @@ signing request and sign malicious artifacts ...@@ -88,7 +88,7 @@ signing request and sign malicious artifacts
Pros: Pros:
* Better User Experience (single step verify via cosign verify-blob) * Better User Experience (single step verify via cosign verify-blob)
* Private keys are ephemeral, a later stolen private key is useless. * Private keys are [ephemeral](https://shibumi.dev/posts/what-are-ephemeral-certificates/), a later stolen private key is useless.
* The key identity is strictly connected to the pipeline run * The key identity is strictly connected to the pipeline run
* Creation of rekor transparency logs happens automatically * Creation of rekor transparency logs happens automatically
* Transparency lookups are enforced by cosign * Transparency lookups are enforced by cosign
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment