Zachary NewmaninsigstoreWhy you can’t use Sigstore without SigstoreI was delighted to see a recent preprint that mentioned Sigstore appear on the IACR’s Cryptology ePrint Archive. The reason that we…Jan 5, 2023Jan 5, 2023
Zachary NewmaninsigstoreSignatus, ergo securus? Who can sign what with TUF and SigstoreAuthors: Zachary Newman, Marina MooreDec 13, 2022Dec 13, 2022
Zachary Newmaninsigstore“Sigstore: Software Signing For Everybody” has been published in the proceedings of the ACM…Authors: Zachary Newman, John Speed Meyers, and Santiago Torres-AriasNov 16, 2022Nov 16, 2022
Zachary NewmaninsigstoreIs Sigstore Ready for a Post-Quantum World?A couple of weeks back, NIST made big news in the cryptographic community by announcing that they have selected four quantum-resistant…Jul 17, 2022Jul 17, 2022
Zachary NewmaninsigstorePrivacy in SigstoreBy default, the keyless signing flow for Sigstore exposes a user’s email:May 27, 2022May 27, 2022
Zachary NewmaninsigstoreDon’t Panic: A Playbook for Handling Account Compromise with SigstoreUsing Sigstore allows for easy revocation and investigation.Apr 25, 20221Apr 25, 20221