Coming to this from the perspective someone used to the gpg --verify world and new to Sigstore, there is an awful lot of waffle on the signature verification page.

A TL;DR at the top of the page is desperately needed, ideally with a one-liner (if possible) but if not just a straightforward TL;DR "this is the list of commands".

If you really want to help people embrace Sigstore as the "new best thing", then making them figure out what the process is through a long rambling page is not the way to do it. At the moment, frankly, I'm left with the impression that I wish Caddy just published a GPG sig like everyone else because as you present it, Sigstore verification looks awfully time-consuming and induces the conclusion that I "can't be bothered", whish of course is technically wrong but humans are humans... don't make it difficult to figure out what needs to be done !