How to pin public root key when downloading an image with docker pull (Docker Content Trust)?

How can I execute docker pull (with Docker Content Trust enabled) such that it fails if the image doesn’t have a valid signature using the private key corresponding to (or subordinate to) the public key that I provide?
I just discovered th…

HTTP Public Key Pinning vs Certificate Transparency, which is better and why?

We are rolling out a new mobile app. Our security team recommends that we pin the public key in order to avoid MITM. iOS already has CT checks and we can enable that for the Android app as well.

The security team’s arguments for pinning ar…