Loading…
Timezone
February 1-2, 2023 | Seattle, WA
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -8. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Wednesday, February 1 • 11:50am - 12:25pm
So You Want to Run Your Own Sigstore: Recommendations for a Secure Setup - Hayden Blauzvern, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Sigstore, an open-source standard for signing and verifying artifacts, provides free-to-use services that provide identity-based certificates and auditable signatures through a transparency log. These services work well for FOSS, giving maintainers the tooling needed to create signed builds. However, enterprise organizations may have additional needs that are not addressed by the public instances. This could include availability requirements such as regionalization, data residency requirements, privacy concerns with a public log, or requiring policy controls for admitting entries into a log. This talk will discuss motivations for operating private Sigstore services and expectations on the operators. The talk will discuss differences in the threat modeling between public and private instances. Finally, the talk will cover the requirements for operating private instances, including operating a root trust store and the necessary security properties of a private certificate authority and transparency log.
Speakers
HB

Hayden Blauzvern

Software Engineer, Google
Hayden is a software engineer on Google's Open Source Security Team, focused on making open-source software more secure. Hayden is a maintainer on the Sigstore project. Prior to working in open source, Hayden worked for Google Cloud Platform to provide cloud-based PKI.

So You Want to Run Your Own Sigstore Recommendations for a Secure Setup pdf
Wednesday February 1, 2023 11:50am - 12:25pm PST
Room 613/614
  Supply Chains