12 Dec 2024 |
baloo | yeah, looks like you figured out a bunch of options in a bunch of very useful tools | 04:19:05 |
Morgan (@numinit) | Basically, yeah. | 04:19:18 |
baloo | I guess you ended up full of yak hair after doing that | 04:19:21 |
baloo | (thanks for doing that) | 04:19:45 |
baloo | or full of weeds I guess | 04:19:57 |
Morgan (@numinit) | yeah, pretty much - declarative definition of yubikeys is pretty cool at least | 04:19:58 |
Morgan (@numinit) | though I completely understand why wo one supported PKCS11 now - it's a pain in the @$$ | 04:20:50 |
baloo | have you had the delight to work with HSM vendors already? | 04:20:55 |
Morgan (@numinit) | * though I completely understand why no one supported PKCS11 now - it's a pain in the @$$ | 04:20:56 |
Morgan (@numinit) | ... yep. | 04:21:10 |
Morgan (@numinit) | Different tools for everything | 04:21:21 |
baloo | condolences | 04:21:23 |
Morgan (@numinit) | I'm surprised PKCS#11 can even generate keys | 04:21:48 |
Morgan (@numinit) | support apparently has been recently improving in general with AWS and Google's cloud HSMs | 04:22:19 |
baloo | ha yeah, the easy ones :D | 04:22:36 |
Morgan (@numinit) | when the standard says something is optional, no one implements it | 04:22:44 |
baloo | wait until you use the thales or entrust ones :D | 04:23:02 |
baloo | (don't use entrust) | 04:23:09 |
Morgan (@numinit) | lol, qualcomm low level bringup has been my recent 😢 | 04:23:27 |
baloo | qualcomm makes HSMs? | 04:23:42 |
Morgan (@numinit) | not really, trusted environments on chip that are TPM "compatible" | 04:24:08 |
baloo | ha yeah those | 04:24:23 |
Morgan (@numinit) | with as loose air quotes as Qualcomm deserves | 04:24:29 |
baloo | This is next year's project I think | 04:25:08 |
baloo | looking forward to that >< | 04:25:13 |
Morgan (@numinit) | that and plenty of Android (OEM) key attestation, which uses them and also completely stretches the definition of key attestation in a million ways | 04:26:28 |
Morgan (@numinit) | asn.1 for days... | 04:27:09 |
Morgan (@numinit) | fun fact: | 04:53:25 |
Morgan (@numinit) | PKCS#11 was created by OASIS, the same creators of standards as well designed and respected as.... SAML | 04:53:57 |
Morgan (@numinit) | 😬 But at least they somewhat redeemed themselves with virtio. | 04:54:25 |