SigstoreCon Supply Chain Day 2024

The Sigstore trust root is delivered to Sigstore clients via root-signing, a less known but security-critical part of Sigstore. In this talk the audience will learn how the project operates and also why it went through a significant rewrite during the past year when it switched to using tuf-on-ci as tooling. The talk will outline the best practices of trust root management and how they are now applied in the project. Topics include: * Current state of the Sigstore root-signing project * Why on earth would you rewrite working critical infrastructure? There are multiple incompatibility incidents in the history of root-signing: the talk will show how a rewrite can be a sensible choice in this situation * Design discussion – why is root-signing such a strange little project? Turns out the combination of user collaboration in a community project with hardware backed signing requires a unique solution * What is next for root-signing?