trillian VS passage

Archived. Not sure when. :( I'm not sure what if anything is a decent replacement/substitute.

In the README examples I see text about what I think is Certificate Transparency. That was definitely the first thing this made me think of. There's also a lot of talk in the project about CONIKS[1], & associate research papers are about 'bringing key transparency to end users'.

The scenarios[2] are interesting, but I'm not sure fully how this project helps. They explicitly call out Upspin for encrypted storage, which was linked recently[3].

It appears to make heavy use of the Trillian cryptographically verifiable data store[4].

[1] https://www.schneier.com/blog/archives/2016/04/coniks.html

[2] https://github.com/google/keytransparency/blob/master/docs/s...

[3] https://news.ycombinator.com/item?id=31520559

[4] https://github.com/google/trillian

Related is Google Trillian: https://github.com/google/trillian

https://stackoverflow.com/questions/37058322/how-can-i-verif...

CT (Certificate Transparency) is another approach to validating certs wherein x.509 cert logs are written to a consistent, available blockchain (or in e.g. google/trillian, a centralized db where one party has root and backup responsibilities also with Merkle hashes for verifying data integrity). https://certificate.transparency.dev/ https://github.com/google/trillian

Does docker ever make the docker socket available over the network, over an un-firewalled port by default?

Yeah, right on!

We're looking in more depth at other use cases, developing a better understanding of which types of problems this might be useful for, and ways to reason about the properties you want/get from using systems like this (e.g. https://github.com/google/trillian/tree/master/docs/claimant...)

[Disclaimer: I work on CT, Trillian, and some other related projects]

passage

_o/ hi all, age author here!

The OP link is the spec, here's a few other things you might find interesting

- the Go reference implementation https://age-encryption.org

- the Go library docs https://pkg.go.dev/filippo.io/age

- the CLI man page https://filippo.io/age/age.1

- an interoperable Rust implementation by @str4d https://github.com/str4d/rage

- a YubiKey plugin by @str4d https://github.com/str4d/age-plugin-yubikey

- the draft plugin protocol specification (which we should really merge) https://github.com/C2SP/C2SP/pull/5/files?short_path=07bf8cc...

- a Windows GUI by @spieglt https://github.com/spieglt/winage

- a discussion of the authentication properties of age https://words.filippo.io/dispatches/age-authentication/

- a discussion of a potential post-quantum plugin https://words.filippo.io/dispatches/post-quantum-age/

- a password-store fork that uses age instead of gpg https://github.com/FiloSottile/passage (see also: how I use it with a YubiKey https://words.filippo.io/dispatches/passage/)

https://github.com/FiloSottile/passage and https://github.com/FiloSottile/passage/issues/24

Without looking close at your suggestion, you might want to look at passage [0] by the creator of age. It's a fork of pass [1] using age as the backend.

[0] https://github.com/FiloSottile/passage

I wanted to reduce the amount of key management in my life to the bare minimum. I don't use gpg for its intended purpose (maintaining a web of trust with folks that you communicate with), but rather only use it for Emacs file encryption and things like password-store (which I'm replacing with https://github.com/FiloSottile/passage and will also port the Emacs pass frontend to work with).

there in fact exists a pass-like interface for age: https://github.com/FiloSottile/passage