Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

No Keys? No Problem - Why You Can Trust Sigstore Signatures

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the security and trustworthiness of Sigstore's keyless code signing service in this 27-minute conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the Sigstore ecosystem, examining how it protects public infrastructure while adhering to core principles of openness. Learn about the trust root, key management requirements, and the implementation of The Update Framework (TUF). Witness a live demonstration simulating a real-life compromise of critical components to test Sigstore's resilience. Gain insights into the Sigstore Community Root, initial trust establishment, ceremony operations, and root management. Discover the Sigstore TUF target layout, client usage, integration, and ecosystem. Equip yourself with knowledge to understand and trust Sigstore signatures for enhanced software supply chain security.

Syllabus

Intro
Sigstore Ecosystem
Where are the keys?
Compromise
Trust in Services
Key management requirements
TUF introduction - continued
TUF - Example deployment
Pictures of where TUF is used
Sigstore Community Root
Initial Root Trust
Ceremony Operations
Root Management
Sigstore TUF Target Layout
Sigstore Client Usage
Client integration
Client Ecosystem
Find out more

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of No Keys? No Problem - Why You Can Trust Sigstore Signatures

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.