Nathaniel McCallum
Nathaniel McCallum
@koenvanhauwe FYI, the relevant HTTP request is here: https://github.com/latchset/clevis/blob/master/src/pins/tang/clevis-decrypt-tang#L78 It is just `curl`, which does HTTPS just fine. So making it work should be trivial.
@koenvanhauwe Another possible feature you might want to think about is client certificate support. That way you don't have to track the IP. The client gets a certificate and does...
What version are you running? `rpm -qa clevis-luks`
The current solution would be to use a VPN. Alternatively, we would accept patches to support client authentication over HTTPS. In this case, you can just put an authenticating proxy...
But yes, an interactive system would be interesting as well. Suggestions?
Push code can actually proxy. It can connect to the Tang server and connect to awaiting Clevis and proxy the data between the two. This is possible because we don't...
@zdenekpizl My comment is just in general. What is the specific use case for this request?
I agree that this would be tremendously useful. However, what is the system that is going to manage this? You'll need a notification that a request is pending. This needs...
I agree completely. I suspect any method which supports multi-party key exchange can be made to work.
The idea was that the client would start the recovery process and wait for an incoming packet. This would allow an orchestrator process to push codes to cloud nodes. We...