Hayden B
Also consider how OAuth/OIDC mitigates attacks around replay and CSRF. Can email mitigate these?
One thing that's worth bringing up is this mode does not support automation. A benefit to OIDC that's been discussed in the RFC is automated signing without the need for...
I'm seeing that the primary concern around OIDC pointed out in the RFC discussion is that it "vendorizes" the feature. While I recognize this concern, I assume that almost all...
For a long-term solution, I'd love to explore privacy-conscious approaches that don't require users to expose their emails. I don't know what this might look like, but it's a very exciting...
I like it! That would definitely minimize the risk of accepting a misconfigured IDP. Also this comes with the benefit of being able to create automation around adding scoped IDPs...
> I would prefer such an independent / neutral IdP over having rubygems as an IdP. It would save a lot of administrative overhead and retains the extra security of...
I think it's fair to call this a feature, but to me, it's not a critical feature. I agree that it makes the attack harder, but it's also dependent on...
Looking into this. Interestingly it fails on 1.18, but not 1.19.
Need to generate new test data for certificate-transparency-go that doesn't use SHA1 for the signing algorithm digest.
cc @mattmoor since you were looking at KMS providers recently