Hi Simon,

Simon Josefsson <[email protected]> writes:

> 6) Sigstore and Sigsum. (I hope I provoke both camps here too :)) These
> are modern designs that realize that signatures without transparency are
> not effective against practical attacks. Reasonably well specified,
> although lacking in multiple implementations and PQ options. Sigstore
> suffers from complexity and its focus on container security. Sigsum
> suffers from lack of non-Go implementations and MIME integration.

Doesn't Sigstore require a centralized Rekor instance? That was the impression I based on a very brief look at it previously.

Collin
