Add summaries for the security models of attestations and trusted publishing #17242
Conversation
Hey @mac-chaffee! Sorry for the delay here -- I had this flagged for myself, but it looks like I lost it in the stacks. I'll do a review of these changes today!
…lishers Signed-off-by: Mac Chaffee <[email protected]>
force-pushed 647b2bb to a2797aa
Thanks @mac-chaffee! These improvements look great to me.
force-pushed a2797aa to d1b2433
Thanks for the suggestions! I rebased and edited the author to remove the unverified commit in case that causes issues
Looks great, thanks for improving these! Just one note from me.
this risk by using short-lived tokens instead of long-lived tokens that can | ||
easily get misplaced, leaked in logs, stolen by malware, or any number of other | ||
ways. |
I think the key distinction we should make here is that long-lived tokens need to be stored and do not quickly expire. Short-lived tokens somewhat reduces the likelihood that they will "misplaced, leaked in logs, stolen by malware" (although it's still possible) but also reduces the impact if they are compromised.
Good point, let me know what you think of the new version I just pushed 👍
In recent years, theft of credentials such as API tokens has [played a major | ||
role in cyber attacks]. The reason for this is the unfortunate reality that | ||
managing credentials can be complicated and risky. Trusted Publishing reduces | ||
this risk by using short-lived tokens instead of long-lived tokens. Short-lived | ||
tokens are less likely to be misplaced, leaked in logs, or stolen by malware. | ||
If short-lived tokens are leaked, they only give attackers a narrow time window | ||
to exploit the leaked token, which minimizes the potential damage. |
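Review bot: the sentence "Short-lived tokens are less likely to be misplaced, leaked in logs, or stolen by malware" attributes the lower leak likelihood to the token's lifetime, but a short lifetime by itself does not keep a token out of logs or off disk; the property doing the work (as the earlier review comment on this hunk notes) is that a long-lived token has to be stored somewhere and does not quickly expire, whereas the Trusted Publishing token is issued for one run and never needs to be stored. Suggest saying that explicitly, e.g. "Short-lived tokens are issued for a single publishing run and never need to be stored, so they are less likely to be misplaced, leaked in logs, or stolen by malware." The preceding sentence "The reason for this is the unfortunate reality that managing credentials can be complicated and risky" is vague and could be replaced by that concrete mechanism.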
I think this is still missing the distinction that when used with Trusted Publishing short-lived tokens are ephemeral and don't need to be stored.
Oh I thought you wanted emphasis on the fact that short-lived tokens only reduce but don't eliminate the risk. How about this?
Short-lived tokens are less likely to be misplaced, leaked in logs, or stolen by malware since they don't have to be stored.
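As an added example (not part of this PR or of the Warehouse docs), here are the two GitHub Actions publish jobs the discussion above contrasts: one that uploads with a long-lived API token stored as a repository secret, and one that uses Trusted Publishing, where the job is allowed to request an OIDC identity token (`permissions: id-token: write`) and the publish action exchanges it with PyPI for a short-lived upload token at run time. The secret name `PYPI_API_TOKEN`, the workflow names, and the `pypi` environment name are assumptions; the `pypa/gh-action-pypi-publish` action and its `password` input are the real ones.

```yaml
# Added example, not taken from the PR. Two variants of a release job.

# --- Variant A: long-lived API token stored as a repository secret ---
# The token sits in the repository's secrets store until someone rotates or
# revokes it, and it is handed to the action on every run. Anyone who obtains
# it can upload from anywhere for as long as it stays valid.
name: publish-with-stored-token
on:
  release:
    types: [published]
jobs:
  pypi:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          # Long-lived credential that must be stored; secret name is assumed.
          password: ${{ secrets.PYPI_API_TOKEN }}

---
# --- Variant B: Trusted Publishing ---
# No PyPI credential is stored anywhere. The job is granted permission to
# request an OIDC token from GitHub; the publish action presents that token
# to PyPI and receives a short-lived upload token valid for this run only.
name: publish-with-trusted-publishing
on:
  release:
    types: [published]
jobs:
  pypi:
    runs-on: ubuntu-latest
    # Optional: lets the trusted-publisher entry on PyPI pin a specific
    # environment in addition to owner/repo/workflow file (name assumed).
    environment: pypi
    permissions:
      id-token: write   # required so the job can mint an OIDC token
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      # No `password` input: the action uses the OIDC token it is allowed to request.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Variant B only works once a matching trusted publisher (repository owner, repository name, workflow file name, and optionally the environment) has been registered on the PyPI project; PyPI rejects the exchange otherwise. That registration, rather than a stored secret, is what ties the short-lived token to this project.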
Hello!
I recently wanted to learn more about trusted publishing and attestations but I struggled initially to understand the big-picture of the security goals and non-goals, and I had a lot of misconceptions initially.
So I added some summaries with my goal being to surface the answers to the questions I had initially, while trying to keep it simple. But that does mean I possibly over-simplified or glossed over important details, so feedback is welcome!