search for: attestation

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concate...

https://bugzilla.mindrot.org/show_bug.cgi?id=3761 Bug ID: 3761 Summary: ssh-keygen fails for security keys without attestation Product: Portable OpenSSH Version: 9.9p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: michael-dev...

Hello everyone, The "R (programming language)" article in Wikipedia was nominated as a "Engineering and technology good article" but did *not* meet the good article criteria at the time (2010). The reviewer at the time made two interesting comments about the article: - Sources are almost all (except for one NYT article) online wiki-type sources. These may be

...gt; sendmail_path = /usr/lib/sendmail > } > protocol lmtp { > mail_plugins = > } > protocol pop3 { > mail_plugins = > pop3_save_uidl = yes > pop3_uidl_format = %v-%u > } If it attests by connecting by POP3 or IMAPv4, the following messages will be displayed and attestation will go wrong. > Nov 07 23:12:40 auth: Debug: auth client connected (pid=20018) > Nov 07 23:12:40 auth: Debug: client in: AUTH 1 CRAM-MD5 service=pop3 secured no-penalty lip=192.168.1.1 rip=192.168.1.110 lport=110 rport=57054 > Nov 07 23:12:40 auth: In...

...08')". If your caller-ID is a valid US number and not a wireless number (that is a NO-NO for the FCC), we sign the call as 'C', if you use your own DIDs, something we can verify as legit, then we sign as 'B', and if you use our DID as caller ID, we sign as 'A', full attestation. Please email to venefax at g mail if you have any questions. Do not think you can do business as usual. The wild west of VOIP is coming to an end. But we can keep you in business if you follow the rules. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lis...

Hi Damien, On Nov 14, 2019, at 3:26 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 1 Nov 2019, Damien Miller wrote: >> As of this morning, OpenSSH now has experimental U2F/FIDO support, with >> U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" >> or "ecdsa-sk" for short (the "sk" stands for "security

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

Guys. I know there are wifi sip phones out there but I have a question, are any of these phones "anti explosive"? By that I mean, there are certain regulations about phones or cel phones that are not recommended to operate in environments like gas stations due to sparks and the chance of ingiting gas fumes. Are there any wifi sip phones out here that have complaince with regulations to

...or this years Confidential Computing MC at the Linux Plumbers Conference. In this microconference we want to discuss ongoing developments around Linux support for memory encryption and support for confidential computing in general. Topics of interest include: * Support for unaccepted memory * Attestation workflows * Confidential Computing threat model * Secure VM Service module (SVSM) and paravisor architecture and implementation * Live migration of confidential virtual machines * ARM64 Confidential Computing * RISC-V CoVE * Secure IO and device attestation * Intel TDX Connect * AMD...

Hi, The server that hosts Portable OpenSSH's bugzilla, anoncvs and mailing lists is reaching the end of its life and is in need of replacement. Anyone who uses our bugzilla frequently can attest to how annoyingly slow it is. So I am soliciting donations towards a replacement server with a target of AUD$3750. If there are any leftover funds they will be used to defray colo costs that I

...> "Currently, we experiment measuring the information flow on SELinux > > systems to reason about isolation properties of a system. For this > > purpose, we modified tcgLinux to run as an LSM kernel module stacked on > > top of SELinux. We also envision to extend our attestation method to > > integrate virtualization technology and partition the attestation space > > of a system using the information flow policies enforced therein." > > # [tcgLinux]"s main goal is to generate verifiable representative information > # about the software...

On 29/07/16 11:47, Jim Seymour wrote: > On Thu, 28 Jul 2016 22:55:55 +0200 > Léon van der Kaap <leonkaap at gmail.com> wrote: > >> Hello, >> >> I am looking for good installation instructions for an active >> directory domain controller installation of samba4. The only source I >> have reliably found is >>

Hi, I added these lines to smb.conf: kernel op locks = false op locks = false strict locking = true so I could see some locks from the unix level. It worked sorta, I see the locks for big files (but not the locks I was expecting), but for little files it shows nothing: # ./lock_list /opt/testsambashare/mattest.doc # ./lock_list /opt/testsambashare/contents.doc 0 22086 W

In article <1485416344.2047.1.camel at biggs.org.uk>, Pete Biggs <pete at biggs.org.uk> wrote: > > > > > If you are using RAID 1 kernel mirroring, you can do that with /boot too, > > and Grub finds the kernel just fine. I've done it many times: > > > > > Hmm, OK. I wonder why anaconda doesn't do it then. > > Reading various

Hi, Has anyone here ever used a Polycom IP 4000 Soundstation SIP Conference Phone with asterisk? If so, how well does it work and how does it sound?

On Thu, Apr 3, 2014 at 11:50 AM, Jevin Sweval <jevinsweval at gmail.com> wrote: > On Wed, Apr 2, 2014 at 1:57 AM, "C. Bergström" <cbergstrom at pathscale.com> wrote: >> Hi - >> >> Not sure if anyone else saw this or cares about a decompiler (not personally >> tested) >> https://github.com/draperlaboratory/fracture >> >> I wonder if

Hello! I''ve been trying to use facts from Facter in a custom function. I''ve been following Matthew''s entry in the wiki (http://www.reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions). What i''m seeing is that Facter[''fqdn''].value is always returning the fqdn of the puppetmaster host. I was expecting the fqdn of the client host.

Hi Samba Users, I forgot to send this mail to the samba ML, too. The question is whether anyone is using the idmap alloc config options for idmap_ldap. I would like to remove them for Samba 3.6. Details below. Thanks - Michael ----- Forwarded message from Michael Adam <obnox at samba.org> ----- Date: Wed, 10 Nov 2010 11:19:56 +0100 From: Michael Adam <obnox at samba.org> To:

This week has been very productive and has shown a huge leap forward in Asterisk development. The creation of the new concepts of an "unstable" branch of the code will, I believe, make for a better development environment in the long run. With that in mind, I'm going to do something I only infrequently do, which is to re-post something in it's entirety and look for comments

...nd a backup key. (I know, I could use certificates, and maybe I will!). Why don?t I just use the brew version with pkcs11/ykcs11? a) Because it adds all the keys in the PIV token including deleted keys that are not listed anywhere (I only got rid of those by resetting the applet completely) and the attestation key * thankfully the attestation key refuses to sign arbitrary data, as it should b) Because I?d rather it be bound to the Secure Enclave and only have a token as a backup or for stronger security requirements This got me into a rabbit hole :-) Sorry in advance if this is not 100% suitable for t...