| 25 Oct 2021 |
David Arnold (blaggacao) | * Since `nix` probably never is going to be a long-running, stateful attestor that processes runtime workload identity fingerprints against an identity directory. | 18:45:11 |
David Arnold (blaggacao) | We can manage the identity directory with nix-json, though | 18:46:18 |
David Arnold (blaggacao) | * We can manage the identity directory gitopsy with `nix-json`, though | 18:46:28 |
David Arnold (blaggacao) | Maybe ensure that the attetor and nix use interoperavle bin-hashing mechanisms. | 18:47:09 |
David Arnold (blaggacao) | * Maybe ensure that the attestor and `nix` use interoperable bin-hashing mechanisms. | 18:47:20 |
David Arnold (blaggacao) | * Maybe ensure that the workload attestor and `nix` use interoperable bin-hashing mechanisms. | 18:47:49 |
David Arnold (blaggacao) | * Maybe ensure that the workload attestor and `nix` use interoperable bin-hashing mechanisms so it's easier to upadte that witness automatically during build. | 18:48:47 |
David Arnold (blaggacao) | * Maybe ensure that the workload attestor and `nix` use interoperable bin-hashing mechanisms so it's easier to update that particular datapoint witness automatically during build. | 18:49:18 |
David Arnold (blaggacao) | Well, I'd at least conclude: we should not investigate the secrets-management category further for nix, since "secrets-management" is a fundamentally outdated answer to the identity problem. | 18:51:59 |
David Arnold (blaggacao) | Everything else is just work-arounds. | 18:52:08 |
@timdeh:matrix.org | even if that's true, there are legacy reasons to improve the "secrets management" usecase | 18:52:45 |
David Arnold (blaggacao) | The root solution is: different answer. | 18:52:55 |
David Arnold (blaggacao) | * The root solution is: a different answer. | 18:53:08 |
@timdeh:matrix.org | your solution sounds fancy but also complicated, so I'm having a hard time imagining it in every case | 18:53:21 |
@timdeh:matrix.org | maybe a concrete example would help? | 18:53:35 |
David Arnold (blaggacao) | I think there is one fundamental realization to it, namely that knowledge is an inefficient proxy for proving an identity. | 18:54:22 |
David Arnold (blaggacao) | And it has always been. | 18:54:35 |
@timdeh:matrix.org | you don't think knowledge of my DNA could help prove who I am? | 18:54:53 |
David Arnold (blaggacao) | Because knowledge is fundamentally fungible. | 18:55:06 |
David Arnold (blaggacao) | Observable attributes are not. | 18:55:34 |
@timdeh:matrix.org | well I guess it depends on what you mean by knowledge, because kernel hashes of running processes still fall into the category of knowledge to my mind | 18:55:42 |
David Arnold (blaggacao) | Those would be trustes, observable, attributes. After having got past the problem of boostrapping trust. | 18:56:19 |
David Arnold (blaggacao) | * Those would be trusted, observable attributes. After having got past the problem of bootstrapping trust. | 18:56:36 |
David Arnold (blaggacao) | And the quality of the trust anchor remains, as always, no constant. | 18:57:10 |
David Arnold (blaggacao) | If the kernal is compromised, then... | 18:57:21 |
David Arnold (blaggacao) | * If the kernal is compromised, so is trust. | 18:57:33 |
David Arnold (blaggacao) | * If the kernel is compromised, so is trust. | 18:57:48 |
David Arnold (blaggacao) | If the attestor is compromised, so is trust. | 18:57:59 |
David Arnold (blaggacao) | A short lived certificate is only fungible during its TTL. | 18:58:58 |
David Arnold (blaggacao) | I think all this kind of shows: keeping high trust levels about an identity is primarily a runtime concern. | 19:05:31 |