Filippo Valsorda
> Do you think it would help if we were to edit this function to for example check that stdout of ` --version` contains `gpg (GnuPG)` substring (instead of just...
> Is Ed25519 support planned to be certified in this new native implementation?

Yes, we'll post a full list of algorithms once we are close to finalizing it, but it...
> How is this going to be achieved? Build tags?

Probably something more explicit, such as a `go build` flag. I suspect build tags won't be flexible enough, but I...
@aclements the following proposals are necessary to expose the functionality of the module to applications. They are not strictly speaking necessary to _validate_ the module, but a validated module with...
I'm unsure how to proceed with this. I like the idea of deriving the periods automatically, but the Let's Encrypt practices that @mcpherrinm shared in https://groups.google.com/a/chromium.org/g/ct-policy/c/936lR3MEUDU/m/zJemazEjAgAJ sound good and I'd...
> I'm lukewarm to having hardcoded shard periods. My preference for ecosystem health is to get shards less aligned rather than more, as we've had a couple "bumps" during transitions...
Oh this is interesting, thank you. Why pass an object to the constructor instead of mirroring the addRecipient methods? Or, even better, return the transformer from an Encrypter method?
Faults can always cause incorrect outputs, for example by happening after the signature is generated and verified. This is a major problem if the fault leaks the private key, but...
Since our write ratelimit is the pool size, we can just reserve part of it for only new certificates.
That’s really weird, we don’t have any logic that would truncate it, and I wouldn’t expect any lower level mechanism to add the final quote