trillian
django-ca
trillian | django-ca | |
---|---|---|
9 | 1 | |
3,464 | 134 | |
0.3% | - | |
9.6 | 9.7 | |
4 days ago | 13 days ago | |
Go | Python | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
trillian
- Is there a good example of an open source non-trivial (DB connection, authentication, authorization, data validation, tests, etc...) Go API?
- Google's Trillian – Verifiable Data Structures
-
Key transparency: A transparent and secure way to look up public keys
Archived. Not sure when. :( I'm not sure what if anything is a decent replacement/substitute.
In the README examples I see text about what I think is Certificate Transparency. That was definitely the first thing this made me think of. There's also a lot of talk in the project about CONIKS[1], & associate research papers are about 'bringing key transparency to end users'.
The scenarios[2] are interesting, but I'm not sure fully how this project helps. They explicitly call out Upspin for encrypted storage, which was linked recently[3].
It appears to make heavy use of the Trillian cryptographically verifiable data store[4].
[1] https://www.schneier.com/blog/archives/2016/04/coniks.html
[2] https://github.com/google/keytransparency/blob/master/docs/s...
[3] https://news.ycombinator.com/item?id=31520559
[4] https://github.com/google/trillian
- Don't trust your logs! Implementing a Merkle tree for an Immutable Verifiable Log (in Go)
- GnuPG used to ask for your support to help protect online privacy
-
There's a guy who the Space Force and Defense Department are paying $250k a year to go to MIT to study Bitcoin for them, to see how they could use its ledger in the same way they use GPS to store and track accurate immutable information. He just got permission to go public with his work.
Related is Google Trillian: https://github.com/google/trillian
-
Threat Actors Now Target Docker via Container Escape Features
https://stackoverflow.com/questions/37058322/how-can-i-verif...
CT (Certificate Transparency) is another approach to validating certs wherein x.509 cert logs are written to a consistent, available blockchain (or in e.g. google/trillian, a centralized db where one party has root and backup responsibilities also with Merkle hashes for verifying data integrity). https://certificate.transparency.dev/ https://github.com/google/trillian
Does docker ever make the docker socket available over the network, over an un-firewalled port by default?
-
Tamper-Evident Logs
Yeah, right on!
We're looking in more depth at other use cases, developing a better understanding of which types of problems this might be useful for, and ways to reason about the properties you want/get from using systems like this (e.g. https://github.com/google/trillian/tree/master/docs/claimant...)
[Disclaimer: I work on CT, Trillian, and some other related projects]
django-ca
-
Threat Actors Now Target Docker via Container Escape Features
django-ca is one way to manage a PKI including ACMEv2, OCSP, and a CRL (Certificate Revocation) list: https://github.com/mathiasertl/django-ca
"How can I verify client certificates against a CRL in Golang?" mentions a bit about crypto/tls and one position on CRLs:
What are some alternatives?
Proofable - General purpose proving framework for certifying digital assets to public blockchains
bocker - Docker implemented in around 100 lines of bash
libgossamer - Public Key Infrastructure without Certificate Authorities, for WordPress and Packagist
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
PGPy - Pretty Good Privacy for Python
PKI.js - PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
tierney - Generic library for structured commands with explicit parallelism
pki - The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.