#openpubkey

Sharon Goldberg<p>New highly nerdy and awesome blog on <a href="https://infosec.exchange/tags/openpubkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpubkey</span></a> and <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> </p><p><a href="https://www.bastionzero.com/blog/generalizing-openpubkey-to-any-identity-provider" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bastionzero.com/blog/generaliz</span><span class="invisible">ing-openpubkey-to-any-identity-provider</span></a></p>
Sharon Goldberg<p>Monster <a href="https://infosec.exchange/tags/OpenPubkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPubkey</span></a> release from <span class="h-card" translate="no"><a href="https://hexagon.space/@ethan_heilman" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ethan_heilman</span></a></span> and the team at BastionZero and <span class="h-card" translate="no"><a href="https://techhub.social/@docker" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>docker</span></a></span> today. <a href="https://www.bastionzero.com/blog/announcing-the-release-of-openpubkey-v0-3-0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bastionzero.com/blog/announcin</span><span class="invisible">g-the-release-of-openpubkey-v0-3-0</span></a></p>
Sharon Goldberg<p>Excited to share a new IETF internet draft that <span class="h-card" translate="no"><a href="https://mstdn.social/@bifurcation" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bifurcation</span></a></span> and I just submitted to the OAuth working group. </p><p>We introduce PIKA: Proof of Issue Key Authority, to solve a problem relevant to <a href="https://infosec.exchange/tags/openpubkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpubkey</span></a>, <a href="https://infosec.exchange/tags/oidc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oidc</span></a> and JWTs in general. </p><p>What's a PIKA and why do I care? </p><p>OpenPubkey uses PK Tokens to allow an OpenID Provider (OP) to bind user identities to user-held public keys. This essentially allows the OP to act like a certificate authority, without any changes to today's OIDC.</p><p>PK Tokens are signed by the OP's signing keys. But, OPs rotate their signing keys over time. What happens if we need to use a PK Token *after* the OP rotates its signing key? </p><p>This is where the PIKA comes in. </p><p>In this draft, we introduce the PIKA and show how it can be combined with a timestamping authority to allow PK Tokens to be used even after the OP rotates its signing key. The PIKA is a secure object that allows you to cache the OP's key, and verify using the OP's key even if the OP is offline. </p><p>And that's why I got interested in this work. </p><p>But our solution is much more generic and widely applicable than to just OpenPubkey. PIKAs allow the verification of JWTs, ID Tokens and other OIDC Tokens without querying the OP directly. You can use them to reduce the load on an OP, or to build applications that require caching or historical information about OP keys. 
Historical information about signing keys is particularly important in <a href="https://infosec.exchange/tags/softwaresupplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>softwaresupplychain</span></a> use cases.</p><p>We're still digesting all the different ways that PIKAs can be used. Feel free to get in touch if you have any feedback!</p><p><a href="https://www.ietf.org/archive/id/draft-barnes-oauth-pika-00.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ietf.org/archive/id/draft-barn</span><span class="invisible">es-oauth-pika-00.html</span></a></p>
Ethan Heilman<p>Excellent program at <span class="h-card"><a href="https://infosec.exchange/@BSidesCambridgeMA" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BSidesCambridgeMA</span></a></span> today.</p><p>Excited to present <a href="https://hexagon.space/tags/OpenPubkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPubkey</span></a> and demo how to ssh using your OpenID identity without having to trust your identity provider.</p><p>HMU if you are at bsides today</p>
fenix<p><a href="https://mastodon.uno/tags/UnoLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnoLinux</span></a> <a href="https://mastodon.uno/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.uno/tags/openpubkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpubkey</span></a> <br>OpenPubKey, a new open-source cryptographic protocol from BastionZero for zero-trust and passwordless authentication<br><a href="https://www.laseroffice.it/blog/2023/10/27/openpubkey-un-nuovo-protocollo-crittografico-open-source-di-bastionzero-per-zero-trust-e-autenticazioni-senza-password/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">laseroffice.it/blog/2023/10/27</span><span class="invisible">/openpubkey-un-nuovo-protocollo-crittografico-open-source-di-bastionzero-per-zero-trust-e-autenticazioni-senza-password/</span></a></p>
Ethan Heilman<p>Just dropped our paper on eprint: OpenPubkey. I welcome any questions/feedback replies</p><p><a href="https://hexagon.space/tags/OpenPubkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPubkey</span></a> adds user-held public keys into OpenID Connect without breaking compatibility. This means users can create digital signatures on the web that are associated with their ID Tokens. Fully signed APIs here we come.</p><p>Our protocol is so compatible with existing IDPs that not only have we been using it in production with Google, Okta, and Microsoft IDPs for over a year, but that IDPs can't even tell that OpenPubkey is being used!</p><p><a href="https://hexagon.space/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OIDC</span></a> <a href="https://hexagon.space/tags/JSON" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JSON</span></a> <a href="https://hexagon.space/tags/JWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JWS</span></a> <a href="https://hexagon.space/tags/websec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>websec</span></a></p><p><a href="https://eprint.iacr.org/2023/296.pdf" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">eprint.iacr.org/2023/296.pdf</span><span class="invisible"></span></a></p>