-
Discussing health checks with @beautifulentropy, I got nerd sniped and went down a rabbit hole. Here's a canned CA health check I came up with.
----
Set up softhsm2
```
export SOFTHSM2_CONF=$PWD…
```
-
What would be involved in exposing more TLS configuration options? At work, I am deeply involved in encryption every day, so I am probably more concerned about it than some people, but as I see it, th…
-
The certificate created on repository initialization (or first `docker push`) has a hard-coded 10-year expiration and refresh is not implemented; this limits the lifetime of any signed repository to 1…
-
From slack:
# Types of setups
- active + backup node with tmkms
- 3 sentries setup with tmkms/horcrux
- a mix of validator + 1-3 sentries + horcrux/tmkms
## Best practices
Validator securi…
-
### What is missing in SGX signing flows, what is needed for "plugins/templates" in GSC?
The context is these PRs and discussions:
- https://github.com/gramineproject/gramine/pull/1118
- https:/…
-
Several crates in this repo could benefit from having `async` equivalents. There are several use cases for `async`, such as communicating with network services which implement a particular cryptograph…
-
So I'm currently using tmkms with a yubihsm2 to sign blocks for multiple validators and it works fine so far. I want to ensure it's not a single point of failure so I want to buy a failover hsm to mak…
-
The documentation states:
```
Protecting against inspection of the Nuts node process.
If an attacker can inspect the memory of the Nuts node process, confidentiality might be private keys…
```
-
This is similar to issue https://github.com/slackhq/nebula/issues/51, but not immediately equivalent. It would be neat to be able to put the CA certificate key on a HSM module like the YubiHSM. If `ne…
-
I have not done much digging into this project yet, but a suggestion I have after reading the readme file is in response to [the blurb about sending a unique code to the email](https://github.com/ande…