Alexander Scheel

icon indicating a website link https://cipherboy.com icon indicating an email [email protected]

icon company @GitLab icon location St. Paul, MN icon location Open source cryptography & violin - ex-Red Hat, ex-Canonical, ex-Hashicorp Vault, ex-Keyfactor; now at GitLab. OpenBao TSC Chair & Dev WG Chair.

Results 130 issues of Alexander Scheel

Allow old certs to be cross-signed

1 comment

In Vault 1.11, we introduced cross-signing support, but the earlier SKID field change in Vault 1.10 causes problems: notably, certs created on older versions of Vault (

enhancement
secret/pki

Add warning when generate_lease=true on PKI roles

This option is known to cause problems with large numbers of issued certificates. Ensure admins are warned about the impact of this field and encourage them to disable it. `Signed-off-by:...

enhancement
secret/pki
pr/no-changelog

Expose Conflicts

When solving with assumptions, it would be nice to expose [conflicts](https://github.com/msoos/cryptominisat/blob/master/src/cryptominisat.h.in#L69) from CryptoMiniSat's C++ API in Python.

enhancement

Ctrl+C doesn't work in pycryptosat

1 comment

When a program uses `pycryptosat`, it'll fail to respond to the `Ctrl+C` shortcut because the native component of `pycryptosat`, `SATSolver` from CryptoMiniSat, doesn't invoke Python's signal handler. Demonstration: ```python3 from...

Broaden sshd_use_approved_* to non-FIPS use cases

10 comment

#### Description Allow `sshd_use_approved_ciphers` to satisfy both FIPS and non-FIPS use cases with the same rule. Benchmarks like CIS encourage the usage of approved cipher suites as well (and do...

bugfix

Enable CA nonce protection

2 comment

Disabling CA nonce protection prohibits Dogtag CA from performing CSRF protection, making some XSS vulnerabilities trivially reflected. We need to ensure this is enabled by default to limit the scope...

postponed
ipa-next

RFE: Collapse SCE check scripts into single extended-components element

#### Description of Problem: As described in the [ComplianceAsCode SCE pull request](https://github.com/ComplianceAsCode/content/pull/7075#issuecomment-875438084), we'd like to see multiple SCE scripts combined into a single `extended-components` with multiple `script` sub-elements. Suggested by...

During oscap xccdf resolve, self-closed check-import element rewritten with non-empty body

#### Description of Problem: When [adding SCE support in ComplianceAsCode](https://github.com/ComplianceAsCode/content/pull/7075#discussion_r664664758), @yuumasato noticed that the final datastream has a non-compliant `` element with non-empty body (see linked comment). This appears to...

bug
portability

Not applicable not counted in results top bar

1 comment

#### Description of Problem: Consider two different versions of content, where some rules are not applicable: ![Screenshot from 2021-05-10 09-33-41](https://user-images.githubusercontent.com/914030/117667433-df8ed500-b172-11eb-88a2-b3402a303e58.png) ![Screenshot from 2021-05-10 09-33-57](https://user-images.githubusercontent.com/914030/117667435-e0276b80-b172-11eb-8def-55b2e01eb831.png) In particular, both had 283 rules...

bug
1.2

Add missing XCCDF Profile selection remark to HTML report

8 comment

#### Description of Problem: I was discussing how to add commentary to a tailoring file the other day on `#openscap`. I suggested adding a `remark` under the `select` element of...

enhancement
help wanted