search for: attest

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (co...

https://bugzilla.mindrot.org/show_bug.cgi?id=3815 Bug ID: 3815 Summary: ssh-verify-attestation fails to check attestation Product: Portable OpenSSH Version: 10.0p1 Hardware: amd64 OS: Linux Status: NEW Severity: trivial Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at min...

https://bugzilla.mindrot.org/show_bug.cgi?id=3761 Bug ID: 3761 Summary: ssh-keygen fails for security keys without attestation Product: Portable OpenSSH Version: 9.9p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: michael...

Hello everyone, The "R (programming language)" article in Wikipedia was nominated as a "Engineering and technology good article" but did *not* meet the good article criteria at the time (2010). The reviewer at the time made two interesting comments about the article: - Sources are almost all (except for one NYT article) online wiki-type sources. These may be

...liver.log > mail_plugins = > postmaster_address = postmaster at sklc.co.jp > sendmail_path = /usr/lib/sendmail > } > protocol lmtp { > mail_plugins = > } > protocol pop3 { > mail_plugins = > pop3_save_uidl = yes > pop3_uidl_format = %v-%u > } If it attests by connecting by POP3 or IMAPv4, the following messages will be displayed and attestation will go wrong. > Nov 07 23:12:40 auth: Debug: auth client connected (pid=20018) > Nov 07 23:12:40 auth: Debug: client in: AUTH 1 CRAM-MD5 service=pop3 secured no-penalty lip=19...

...08')". If your caller-ID is a valid US number and not a wireless number (that is a NO-NO for the FCC), we sign the call as 'C', if you use your own DIDs, something we can verify as legit, then we sign as 'B', and if you use our DID as caller ID, we sign as 'A', full attestation. Please email to venefax at g mail if you have any questions. Do not think you can do business as usual. The wild west of VOIP is coming to an end. But we can keep you in business if you follow the rules. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http:...

Hi Damien, On Nov 14, 2019, at 3:26 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 1 Nov 2019, Damien Miller wrote: >> As of this morning, OpenSSH now has experimental U2F/FIDO support, with >> U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" >> or "ecdsa-sk" for short (the "sk" stands for "security

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

Guys. I know there are wifi sip phones out there but I have a question, are any of these phones "anti explosive"? By that I mean, there are certain regulations about phones or cel phones that are not recommended to operate in environments like gas stations due to sparks and the chance of ingiting gas fumes. Are there any wifi sip phones out here that have complaince with regulations to

...or this years Confidential Computing MC at the Linux Plumbers Conference. In this microconference we want to discuss ongoing developments around Linux support for memory encryption and support for confidential computing in general. Topics of interest include: * Support for unaccepted memory * Attestation workflows * Confidential Computing threat model * Secure VM Service module (SVSM) and paravisor architecture and implementation * Live migration of confidential virtual machines * ARM64 Confidential Computing * RISC-V CoVE * Secure IO and device attestation * Intel TDX Connect...

Hi, The server that hosts Portable OpenSSH's bugzilla, anoncvs and mailing lists is reaching the end of its life and is in need of replacement. Anyone who uses our bugzilla frequently can attest to how annoyingly slow it is. So I am soliciting donations towards a replacement server with a target of AUD$3750. If there are any leftover funds they will be used to defray colo costs that I normally pay myself. The easiest way to donate is via Paypal to my email address (djm at mindrot.org), b...

...> "Currently, we experiment measuring the information flow on SELinux > > systems to reason about isolation properties of a system. For this > > purpose, we modified tcgLinux to run as an LSM kernel module stacked on > > top of SELinux. We also envision to extend our attestation method to > > integrate virtualization technology and partition the attestation space > > of a system using the information flow policies enforced therein." > > # [tcgLinux]"s main goal is to generate verifiable representative information > # about the sof...

...ke > writing docs, and probably would have, except we weren't able to get > Samba working as an AD the way we needed it to, so I dropped the > project. > > Your only hope, beyond that, is this mailing list. The regulars here > are very helpful and very patient, to which I can attest :) > > DO NOT be tempted to go searching for help elsewhere on the 'net. Much > of what you'll find will be wildly inaccurate and will only lead you to > grief. Ask me how I know ;) > > Good luck, > Jim OK, I have had another look at the Samba wikipage and apart from...

...nf: kernel op locks = false op locks = false strict locking = true so I could see some locks from the unix level. It worked sorta, I see the locks for big files (but not the locks I was expecting), but for little files it shows nothing: # ./lock_list /opt/testsambashare/mattest.doc # ./lock_list /opt/testsambashare/contents.doc 0 22086 W 2147483539 1 0 22086 W 2147483559 1 0 22086 W 2147483599 1 (the output is l_sysid, l_pid, l_start, l_len of struct flock) (lock_list.c source given below) The only difference I can see is that the contents.doc is mu...

In article <1485416344.2047.1.camel at biggs.org.uk>, Pete Biggs <pete at biggs.org.uk> wrote: > > > > > If you are using RAID 1 kernel mirroring, you can do that with /boot too, > > and Grub finds the kernel just fine. I've done it many times: > > > > > Hmm, OK. I wonder why anaconda doesn't do it then. > > Reading various

...cket > activation in ssh-agent using the LISTEN_PID/LISTEN_FDS > mechanism. Activated when these environment variables are set, > the agent is started with the -d or -D option and no socket path > is set. GHPR502 > > * ssh-keygen(1): support FIDO tokens that return no attestation > data, e.g. recent WinHello. GHPR542 > > * ssh-agent(1): add a "-Owebsafe-allow=..." option to allow the > default FIDO application ID allow-list to be overridden. > > * Add a work-in-progress tool to verify FIDO attestation blobs > that ssh-keygen ca...

Hi, Has anyone here ever used a Polycom IP 4000 Soundstation SIP Conference Phone with asterisk? If so, how well does it work and how does it sound?

On Thu, Apr 3, 2014 at 11:50 AM, Jevin Sweval <jevinsweval at gmail.com> wrote: > On Wed, Apr 2, 2014 at 1:57 AM, "C. Bergström" <cbergstrom at pathscale.com> wrote: >> Hi - >> >> Not sure if anyone else saw this or cares about a decompiler (not personally >> tested) >> https://github.com/draperlaboratory/fracture >> >> I wonder if

Hello! I''ve been trying to use facts from Facter in a custom function. I''ve been following Matthew''s entry in the wiki (http://www.reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions). What i''m seeing is that Facter[''fqdn''].value is always returning the fqdn of the puppetmaster host. I was expecting the fqdn of the client host.

...n and the related idmap alloc secret. I would like to get rid of these. Therefore, I am asking here, if there is anyone out there using these? I can not imagine a reason why one would want to use different server and/or user+password for storing the uid/gid counter. The only option that I would attest a certain, though minimal, right to exist is the ldap_base_dn. But usually, it should imho ok to store the uid/gid counter in the same location as the mappings. So, again: Are these options needed/used at all? Or can I remove them for 3.6.0 ? Cheers - Michael Note: If we need to keep any of the...