Meeting 26/07/23 #67

Closed
12 of 23 tasks
THS-on opened this issue Jul 24, 2023 · 3 comments

Comments

@THS-on
Member

THS-on commented Jul 24, 2023

Attendees

Time: 26/07/23 15:30 BST (https://www.timeanddate.com/worldclock/fixedtime.html?msg=Keylime+Meeting&iso=20230726T1530&p1=136&ah=1)
Link: https://uni-kiel.zoom.us/j/67189504412?pwd=VEQ0VlJLSGpKQkx3SnVpQWVUVjVCdz09

Topics and Notes

  • Presentation of the current state of the Kubernetes operator by @mheese
    • @mheese showed the current state of the implementation by example and how the tenant functionality is mapped
    • mapping the agent uuid to the node is a potential issue
  • Push Model
    • @stringlytyped started to writeup a document for the push model
    • The payload mechanism does not need to be part of the push model. Use other tools like SPIFFE/SPIRE for that
    • Quote Nonce ideas:
      • Request new nonce every time from verifier
      • On submission get a nonce for the next quote
      • Use a TOTP seed to generate the nonces locally (this requires the initial TPM clock information to protect against attacks of pre-generating quotes)
    • Ideally the agent state is fully in the DB, so that it can be easily scaled, but for the initial implementation local agent state is ok
  • SPIFFE/SPIRE proposal: Adding enhancement #98 for SPIRE integration (enhancements#100)
    • Mainly changes to the Keylime agent
    • Keep it generic for integration with other tools
  • mba: Manage the number of measured boot attestation (keylime#1433)
    • It was decided that it is either always enabled or only once
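
As an added illustration of the quote-nonce ideas in the push-model notes (not Keylime's code, and not a decision recorded in this meeting): a Python sketch of verifier-side handling for idea 2 (a nonce issued on each submission for the next quote) and idea 3 (a TOTP-derived nonce, with a TPM clock check against quotes produced ahead of time). `STEP_S`, `CLOCK_TOLERANCE_MS`, the helper names and the assumption that the TPM clock tracks wall time after enrollment are mine.

```python
import hashlib
import hmac
import os

STEP_S = 30                 # TOTP window length in seconds (assumed)
CLOCK_TOLERANCE_MS = 5_000  # allowed TPM clock skew in ms (assumed)


def derive_totp_nonce(seed: bytes, window: int) -> bytes:
    """Nonce for a time window, derived locally by agent and verifier from a shared seed."""
    return hmac.new(seed, window.to_bytes(8, "big"), hashlib.sha256).digest()


def agent_totp_quote(seed: bytes, tpm_clock_ms: int, now_s: float):
    """Simulated agent: the nonce it would put in a quote, plus the TPM clock it quotes."""
    return derive_totp_nonce(seed, int(now_s // STEP_S)), tpm_clock_ms


class NonceVerifier:
    """Verifier-side state for one agent (hypothetical sketch, not Keylime's implementation)."""

    def __init__(self, seed: bytes, enroll_tpm_clock_ms: int, enroll_wall_s: float):
        self.seed = seed
        # Assumption: after enrollment the TPM clock and the verifier's wall clock advance together.
        self.enroll_tpm_clock_ms = enroll_tpm_clock_ms
        self.enroll_wall_s = enroll_wall_s
        self.last_tpm_clock_ms = enroll_tpm_clock_ms
        self.next_nonce = os.urandom(32)  # idea 2: nonce handed out for the next quote

    def accept_issued(self, nonce: bytes, tpm_clock_ms: int):
        """Idea 2: accept the issued nonce once and return the nonce for the next quote."""
        if not hmac.compare_digest(nonce, self.next_nonce) or tpm_clock_ms <= self.last_tpm_clock_ms:
            return None  # wrong nonce, replayed nonce, or quote not newer than the last accepted one
        self.last_tpm_clock_ms = tpm_clock_ms
        self.next_nonce = os.urandom(32)
        return self.next_nonce

    def accept_totp(self, nonce: bytes, tpm_clock_ms: int, now_s: float) -> bool:
        """Idea 3: TOTP nonce plus a TPM clock check, so a quote cannot be signed before its window."""
        window = int(now_s // STEP_S)
        if not hmac.compare_digest(nonce, derive_totp_nonce(self.seed, window)):
            return False
        # A quote signed before this window started carries a TPM clock lower than expected.
        expected_ms = self.enroll_tpm_clock_ms + int((window * STEP_S - self.enroll_wall_s) * 1000)
        if tpm_clock_ms < expected_ms - CLOCK_TOLERANCE_MS:
            return False
        if tpm_clock_ms <= self.last_tpm_clock_ms:
            return False  # replay within the same window
        self.last_tpm_clock_ms = tpm_clock_ms
        return True
```

In practice the TPM clock only advances while the TPM is powered, so the wall-time mapping would need re-anchoring after a reset; the sketch leaves that out.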
@mheese

mheese commented Jul 24, 2023

@THS-on regarding topics, I want to do a quick demo of the Kubernetes controller / attestation-operator that I have so far, so that I can get some feedback, and discuss the next steps

I'd also be interested in a discussion around the SPIFFE/SPIRE proposal from @mpeters

@stringlytyped

It would also be good if we could spend a bit of time talking about push model support and what our requirements are for that. This might loosely tie into the SPIFFE/SPIRE discussion

@THS-on
Member Author

THS-on commented Jul 25, 2023

@stringlytyped @mheese added the topics
