Evan Gilman
Evan Gilman
The SPIFFE ID spec has within it a set of character restrictions that are intended to mitigate confusion and potential exploitation around how to interpret an ID and the equality...
From @justinburke ``` Having a map from trust domain to CRL(s) would probably help out client implementors. As for not checking the signatures of the CRLs: sounds like there would...
Hello everybody! I'm one of the maintainers on the SPIFFE/SPIRE projects, and we are currently working on support for Windows. As part of this work, we have ~500 lines of...
When the notifier interface was introduced, the intention was to fill a handful of use cases we had around arbitrary event-driven actions. Updating the bundle in a remote location any...
The SPIFFE bundle specification allows for an optional sequence number to be set, which allows consumers to understand which bundles are "newer" or "older", and also allows them to measure...
The path selector in the unix workload attestor is generated by reading the link from `/proc/PID/exe`. The value of this link does not consider namespacing, and appears as being relative...
Darwin is a supported platform and we even run tests against it in CI. We should probably release artifacts for it too. https://github.com/spiffe/spire/releases
Many OSS projects have RFC processes of sorts which are exercised when adding new features or otherwise making non-trivial design decisions. As the SPIRE project grows, more ideas are proposed,...
When an agent comes up for the first time and performs attestation, it generates a key locally, performs attestation, receives a cert for the local key, then persists this cert....
The logger emits log timestamps in the locally configured timezone. When the agent starts and detects an expired SVID on disk, it logs a warning that includes the expiry date...