25 Oct 2021 |
David Arnold (blaggacao) | openssh-dev being used quasi-ubiquitously. | 18:40:00 |
David Arnold (blaggacao) | So short-lived identities have generally poor application support. | 18:40:28 |
David Arnold (blaggacao) | * So short lived identities have generally poor application support. | 18:41:56 |
@timdeh:matrix.org | how does this play into nix though? | 18:42:30 |
David Arnold (blaggacao) | Current solution: SIGHUP as it seems and accept the downtime. | 18:42:38 |
@timdeh:matrix.org | or rather, how would it interface with nix? | 18:42:48 |
David Arnold (blaggacao) | In reply to @timdeh:matrix.org "how does this play into nix though?": We don't have to care about secrets at all. | 18:42:54 |
David Arnold (blaggacao) | Since nix probably never is going to be a long-running attestor. | 18:43:20 |
David Arnold (blaggacao) | * We don't have to care about secrets at all (in theory). | 18:43:38 |
David Arnold (blaggacao) | * Since `nix` probably never is going to be a long-running, stateful attestor that processes runtime fingerprints. | 18:44:16 |
David Arnold (blaggacao) | * Since `nix` probably never is going to be a long-running, stateful attestor that processes runtime workload identity fingerprints. | 18:44:38 |
David Arnold (blaggacao) | * Since `nix` probably never is going to be a long-running, stateful attestor that processes runtime workload identity fingerprints against an identity registry. | 18:44:56 |
David Arnold (blaggacao) | * Since `nix` probably never is going to be a long-running, stateful attestor that processes runtime workload identity fingerprints against an identity directory. | 18:45:11 |
David Arnold (blaggacao) | We can manage the identity directory with `nix-json`, though. | 18:46:18 |
David Arnold (blaggacao) | * We can manage the identity directory gitopsy with `nix-json`, though | 18:46:28 |
David Arnold (blaggacao) | Maybe ensure that the attestor and nix use interoperable bin-hashing mechanisms. | 18:47:09 |
David Arnold (blaggacao) | * Maybe ensure that the attestor and `nix` use interoperable bin-hashing mechanisms. | 18:47:20 |
David Arnold (blaggacao) | * Maybe ensure that the workload attestor and `nix` use interoperable bin-hashing mechanisms. | 18:47:49 |
David Arnold (blaggacao) | * Maybe ensure that the workload attestor and `nix` use interoperable bin-hashing mechanisms so it's easier to update that witness automatically during build. | 18:48:47 |
David Arnold (blaggacao) | * Maybe ensure that the workload attestor and `nix` use interoperable bin-hashing mechanisms so it's easier to update that particular datapoint witness automatically during build. | 18:49:18 |
David Arnold (blaggacao) | Well, I'd at least conclude: we should not investigate the secrets-management category further for `nix`, since "secrets management" is a fundamentally outdated answer to the identity problem. | 18:51:59 |
David Arnold (blaggacao) | Everything else is just work-arounds. | 18:52:08 |
@timdeh:matrix.org | even if that's true, there are legacy reasons to improve the "secrets management" use case | 18:52:45 |
David Arnold (blaggacao) | The root solution is: different answer. | 18:52:55 |
David Arnold (blaggacao) | * The root solution is: a different answer. | 18:53:08 |
@timdeh:matrix.org | your solution sounds fancy but also complicated, so I'm having a hard time imagining it in every case | 18:53:21 |
@timdeh:matrix.org | maybe a concrete example would help? | 18:53:35 |
David Arnold (blaggacao) | I think there is one fundamental realization to it, namely that knowledge is an inefficient proxy for proving an identity. | 18:54:22 |
David Arnold (blaggacao) | And it has always been. | 18:54:35 |
@timdeh:matrix.org | you don't think knowledge of my DNA could help prove who I am? | 18:54:53 |