Ideas and Execution
5 free ideas that Soatok doesn't have the time or energy to execute on.
-
Morten Linderud replied to Soatok Dreamseeker
Hmm, I suspect threshold signatures with a TPM would be cool. Then you could have additional claims like the request coming from the correct machine as well as some identity claims.
I experimented a little bit with this through an SSH CA thing, single-user though.
SSH CA with device and identity attestation: ssh-tpm-ca-authority
The past year I have been hacking around on tools utilizing TPMs, and one of the features I have been interested in learning more about is the device attestation features. After being a bit inspired by some ideas from people at work, the hackerspace and toots on Mastodon, I figured an SSH certificate authority would be a cool small project to hack on. Last year I wrote an SSH agent with TPM-bound keys, so this would fit nicely into the existing tooling.
Morten Linderud (linderud.dev)
But replacing the SSH CA with an OIDC thing would be cool.
-
@soatok cyclomatic complexity metrics as an IoC sound like a really straightforward thing that should be part of all CD pipelines.
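One way to try the idea in the post above, as an added example that is not from the thread, from any of its participants or from any of the tools linked further down: compute per-function cyclomatic complexity with the standard-library `ast` module for a baseline release and a candidate release, then flag functions whose complexity jumped. The two package sources below are constructed for illustration (the candidate's `install` has an injected, environment-probing branch), and the thresholds are arbitrary starting points, not calibrated values.

```python
"""Cyclomatic complexity as a supply-chain indicator of compromise.

Added example, not from the thread. Counts decision points per function with
the `ast` module (a simplified cyclomatic metric: +1 for if/for/while/except/
with/assert, +1 per comprehension plus its `if` filters, +n-1 per boolean
operator with n operands) and flags functions whose count spiked between two
releases. Nested defs are counted both on their own and inside the enclosing
function. Sample sources and thresholds are constructed/assumed.
"""
import ast
from typing import Dict, Optional, Tuple

# Node types that add one extra path each.
_BRANCH_NODES = (ast.If, ast.IfExp, ast.For, ast.AsyncFor, ast.While,
                 ast.ExceptHandler, ast.With, ast.AsyncWith, ast.Assert)


class _ComplexityVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.complexity = 1  # a straight-line body has one path

    def generic_visit(self, node: ast.AST) -> None:
        if isinstance(node, _BRANCH_NODES):
            self.complexity += 1
        elif isinstance(node, ast.comprehension):
            # one path for the loop, plus one per `if` filter clause
            self.complexity += 1 + len(node.ifs)
        elif isinstance(node, ast.BoolOp):
            # `a and b or c` style chains short-circuit: n operands, n-1 branches
            self.complexity += len(node.values) - 1
        super().generic_visit(node)


def function_complexities(source: str) -> Dict[str, int]:
    """Map every function name in `source` to its complexity score."""
    tree = ast.parse(source)
    scores: Dict[str, int] = {}
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            visitor = _ComplexityVisitor()
            for stmt in node.body:
                visitor.visit(stmt)
            scores[node.name] = visitor.complexity
    return scores


def complexity_spikes(baseline_src: str, candidate_src: str,
                      abs_threshold: int = 5,
                      ratio: float = 2.0) -> Dict[str, Tuple[Optional[int], int]]:
    """Return {name: (old, new)} for functions whose complexity grew suspiciously.

    A function is flagged when its score grew by at least `abs_threshold`, or
    at least doubled (`ratio`) while ending at or above `abs_threshold`. Brand
    new functions are flagged when they start out at or above `abs_threshold`.
    Both thresholds are assumed values; tune them against your own history.
    """
    before = function_complexities(baseline_src)
    after = function_complexities(candidate_src)
    spikes: Dict[str, Tuple[Optional[int], int]] = {}
    for name, new in after.items():
        old = before.get(name)
        if old is None:
            if new >= abs_threshold:
                spikes[name] = (None, new)
        elif new - old >= abs_threshold or (new >= ratio * old and new >= abs_threshold):
            spikes[name] = (old, new)
    return spikes


# Constructed sample: the same package before and after a malicious release.
BASELINE = '''
def parse_version(s):
    parts = s.split(".")
    if len(parts) != 3:
        raise ValueError(s)
    return tuple(int(p) for p in parts)

def install(pkg):
    return pkg.strip()
'''

CANDIDATE = '''
def parse_version(s):
    parts = s.split(".")
    if len(parts) != 3:
        raise ValueError(s)
    return tuple(int(p) for p in parts)

def install(pkg):
    import os, base64
    if os.environ.get("CI") and not os.environ.get("DEBUG") or os.name == "nt":
        for k in ("HOME", "USER", "SSH_AUTH_SOCK"):
            if k in os.environ:
                try:
                    _ = base64.b64encode(os.environ[k].encode())
                except Exception:
                    pass
    return pkg.strip()
'''

if __name__ == "__main__":
    for name, (old, new) in complexity_spikes(BASELINE, CANDIDATE).items():
        print(f"SUSPICIOUS: {name} complexity {old} -> {new}")
```

In a pipeline this would run over the previous tag and the release candidate, with the flagged functions routed to a human review step rather than failing the build outright, since legitimate refactors also move the metric; the absolute and ratio thresholds here are deliberately loose and should be set from the repository's own release history.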
-
@faz @soatok @Nulhomme a starting point for the code stuff:
https://github.com/DataDog/supply-chain-firewall
https://github.com/some-natalie/bincapz-action
https://github.com/chainguard-dev/malcontent (bincapz was renamed)