Michael Malone

Results: 57 comments by Michael Malone

> This is separate from CT, as I don't want this published in CT infrastructure

Why are you opposed to using an internal certificate transparency list for this? It feels...

@evilmog oh yea, I forgot about that in my response. It _seems like_ there _should be_ some workaround for that. If badger is append-only with atomic writes one solution could...

You can also set min/max/default TLS cert duration on a per-provisioner basis when you add a provisioner to override these authority-level settings. If you're using the new database-backed provisioner management...

Hey @anthonyjlmorel, It's been a while. We haven't resolved this, yet, but we're starting to think about these issues and are working on a design that I think will help...

The autocert webhook admission controller gets called by Kubernetes on _pod_ creation... so it'll get called per-pod, not per-deployment. If there's some way to create the pods outside of a...

@alanchrt you're talking about two modes: one that enforces that Host matches SNI and the other that doesn't, right? We're not terminating TLS vs. passing it through for a backend...

If there is a specific threat around misuse of a Web PKI / TLS certificate to generate one of these signatures then you'll probably want to enforce a code signing...

I just skimmed the docs. Looks like this is _built on_ Kafka, but it exposes its own APIs for schema management. It looks like it also (optionally?) talks to Zookeeper?...

Sorry to hear that. I do appreciate the suggestion, just wanted to be upfront about how much we can help and how quickly. I just took a look at the...

It looks like you may be issuing Schema Registry's certificate from the wrong CA. Honestly, for this use case you can probably use the same root CA certificate for both...