Evan Gilman

> I got the multimesh to work, however when I introduce spire on top, it just stops working I'm no Istio expert, but the docs you linked to, and the...

> Regarding the upstream CA configurable, I explored maybe deprecating that configurable and providing the requested CA TTL through the global plugin configuration. However, currently the global plugin configuration is...

Core doesn't currently distinguish or know the difference between tofu and non-tofu attestors... but, it may need to in the future: https://github.com/spiffe/spire/issues/2203 Teaching core about this somehow is probably a...

@bri365 Hmm yes I think that could work for builtins, but we wouldn't be able to clean up after non-builtins. I also think there are likely to be cases where...

Hi @jonringer .. our hope with using hcl was to have both something a bit friendlier than straight JSON but also to support JSON for machine generated cases. Unfortunately, I...

Thanks for opening this @rturner3 and the time you took to put it all together. > Does this proposal seem like a reasonable addition to the Agent? I think so....

Thank you for opening this @dfeldman, yes we need to grow support for this. It will require a migration. The name that ended up making it into the spec is...

Any thoughts on using a TPM quote instead? Server sends nonce, TPM generates quote with the nonce and sends it back, server validates the quote using the TPMs public key?

> an interface that gives plugins access to a namespaced key value store riding on top of the datastore and well as an interface through the registration API for plugins...

> This information would need to updated whenever a new machine needs to be provisioned. This is relatively frequent - at least a few times an hour. > ... >...