Noah Stride
Noah Stride
Hey all - this is ready for another review pass for all sections apart from the appendices. I'm hoping to finish those up in the next couple of days.
I'd be more than happy to submit a patch for this if maintainers believe this would be appropriate.
> Tokens have a exp claim, so in any case an "outdated" public key will not be used over time. ... However, be aware that it might not benefit you...
Just tested against master and I don't seem to be able to reproduce - I'm using `caddy` to act as a L7 LB: ``` ╰─➤ curl http://localhost:9485/ GET / HTTP/1.1...
> That said, what about WIT-SVID? I assume you mean to follow the same with WIT-SVID. I see that, in the proposed WIMSE S2S draft, WIT, like JWT, does not...
Agreed - I'd be keen to pick up some of the WIT related work in go-spiffe (and maybe also some experimental WPT utilities over there too 😉 )
To add on to Arndt's thoughts here: It seems to me that it's fairly niche for a client to need to connect to a specific arbitrary pod? I'm trying to...
Thanks for coming back with some additional context/thoughts. I think it may take me some time to think over this a little more before I have a fuller response. In...
> The log data from the prospective of the the auth server, should capture the bot name which is failing to join the cluster. Additionally the audit event logs should...
As someone not too intimate with the inner workings of CNCF governance - it's surprising to me that the membership of "SPIFFE Maintainers with the CNCF" does not overlap with...