From 0533544d7ca4aad5af5a30f45f5de3858d6bfce1 Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Sun, 14 Nov 2021 23:28:00 +0100
Subject: [PATCH] Link to @shibumi blog post about "ephemeral certificates"

---
 docs/artifact-signing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/artifact-signing.md b/docs/artifact-signing.md
index a7ebf28a1..505b99a5a 100644
--- a/docs/artifact-signing.md
+++ b/docs/artifact-signing.md
@@ -88,7 +88,7 @@ signing request and sign malicious artifacts
 
 Pros:
 * Better User Experience (single step verify via cosign verify-blob)
-* Private keys are ephemeral, a later stolen private key is useless.
+* Private keys are [ephemeral](https://shibumi.dev/posts/what-are-ephemeral-certificates/), a later stolen private key is useless.
 * The key identity is strictly connected to the pipeline run
 * Creation of rekor transparency logs happens automatically
 * Transparency lookups are enforced by cosign
-- 
GitLab