sunlight
trillian
Our great sponsors
sunlight | trillian | |
---|---|---|
3 | 9 | |
107 | 3,463 | |
- | 0.5% | |
8.9 | 9.6 | |
21 days ago | 5 days ago | |
Go | Go | |
ISC License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sunlight
-
Sunlight, a Certificate Transparency log implementation
This is one of the projects I've been most excited about in the last few years. It let me backport to Certificate Transparency a lot of the modern transparency logging designs that came after it.
Beyond the Let's Encrypt announcement and the ct-policy thread (which includes a technical and advantages summary), here are a few resources that might be interesting.
- Design document https://filippo.io/a-different-CT-log
- Implementation https://github.com/FiloSottile/sunlight
- API specification https://c2sp.org/sunlight
- Website, including test logs and feedback channels https://sunlight.dev/
If you’re thinking “oh we could use something similar” please reach out! Sunlight is retrofitting some of the modern tlog designs on a legacy system. With a greenfield deployment you can do even better! I’m working with the Sigsum project on specs, tooling, and a support ecosystem to make deploying tlogs easier and safer.
trillian
- Is there a good example of an open source non-trivial (DB connection, authentication, authorization, data validation, tests, etc...) Go API?
- Google's Trillian – Verifiable Data Structures
-
Key transparency: A transparent and secure way to look up public keys
Archived. Not sure when. :( I'm not sure what if anything is a decent replacement/substitute.
In the README examples I see text about what I think is Certificate Transparency. That was definitely the first thing this made me think of. There's also a lot of talk in the project about CONIKS[1], & associate research papers are about 'bringing key transparency to end users'.
The scenarios[2] are interesting, but I'm not sure fully how this project helps. They explicitly call out Upspin for encrypted storage, which was linked recently[3].
It appears to make heavy use of the Trillian cryptographically verifiable data store[4].
[1] https://www.schneier.com/blog/archives/2016/04/coniks.html
[2] https://github.com/google/keytransparency/blob/master/docs/s...
[3] https://news.ycombinator.com/item?id=31520559
[4] https://github.com/google/trillian
- Don't trust your logs! Implementing a Merkle tree for an Immutable Verifiable Log (in Go)
- GnuPG used to ask for your support to help protect online privacy
-
There's a guy who the Space Force and Defense Department are paying $250k a year to go to MIT to study Bitcoin for them, to see how they could use its ledger in the same way they use GPS to store and track accurate immutable information. He just got permission to go public with his work.
Related is Google Trillian: https://github.com/google/trillian
-
Threat Actors Now Target Docker via Container Escape Features
https://stackoverflow.com/questions/37058322/how-can-i-verif...
CT (Certificate Transparency) is another approach to validating certs wherein x.509 cert logs are written to a consistent, available blockchain (or in e.g. google/trillian, a centralized db where one party has root and backup responsibilities also with Merkle hashes for verifying data integrity). https://certificate.transparency.dev/ https://github.com/google/trillian
Does docker ever make the docker socket available over the network, over an un-firewalled port by default?
-
Tamper-Evident Logs
Yeah, right on!
We're looking in more depth at other use cases, developing a better understanding of which types of problems this might be useful for, and ways to reason about the properties you want/get from using systems like this (e.g. https://github.com/google/trillian/tree/master/docs/claimant...)
[Disclaimer: I work on CT, Trillian, and some other related projects]
What are some alternatives?
Proofable - General purpose proving framework for certifying digital assets to public blockchains
libgossamer - Public Key Infrastructure without Certificate Authorities, for WordPress and Packagist
PGPy - Pretty Good Privacy for Python
django-ca - Django app providing a Certificate Authority
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
tierney - Generic library for structured commands with explicit parallelism
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
tl - verify https assets with a public transparency log
wild-workouts-go-ddd-example - Go DDD example application. Complete project to show how to apply DDD, Clean Architecture, and CQRS by practical refactoring.
core - Backend server API handling user mgmt, database, storage and real-time component
passage - A fork of password-store (https://www.passwordstore.org) that uses age (https://age-encryption.org) as backend.
Key Transparency - A transparent and secure way to look up public keys.