Skip to content
Snippets Groups Projects
Verified Commit 0533544d authored by Kristian Klausen's avatar Kristian Klausen :tada:
Browse files

Link to @shibumi blog post about "ephemeral certificates"

parent c136f961
No related tags found
No related merge requests found
......@@ -88,7 +88,7 @@ signing request and sign malicious artifacts
Pros:
* Better User Experience (single step verify via cosign verify-blob)
* Private keys are ephemeral, a later stolen private key is useless.
* Private keys are [ephemeral](https://shibumi.dev/posts/what-are-ephemeral-certificates/), a later stolen private key is useless.
* The key identity is strictly connected to the pipeline run
* Creation of rekor transparency logs happens automatically
* Transparency lookups are enforced by cosign
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment