The potential of AI agents should not make us forget that we already have the tools needed to secure them. Just follow the advice of an 11th-century monk, and "start by doing what's necessary." Read more in @PieterKasselman's blog https://t.co/u2CSgfKarX #AI #AISecurity #identity
Pass-the-{token} attacks are still very much relevant.
Tokens may change: Cookie, NT Hash, Kerberos ticket, MFA token, ...
However, the problem is not in the "token" but in the "pass".
We need solutions to make tokens stay put, such as device and channel binding.
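A sender-constrained ("bound") token check, as an added example that is not part of the post above: the token carries a `cnf` claim naming the enrolled device key, and presenting it requires a proof over a verifier-chosen nonce, so a token lifted from one device does not verify from another. It assumes a simplified symmetric-key model in which the server holds each enrolled device key (all names and keys are constructed); real deployments bind to asymmetric keys such as mTLS client certificates, where the proof is a signature instead of an HMAC but the check has the same shape.

```python
# Added example: sender-constrained ("bound") token check.
# Assumption: toy symmetric model, the server holds enrolled device keys.
# Real deployments bind to asymmetric keys (e.g. mTLS certs); same shape.
import base64, hashlib, hmac, json, secrets

SERVER_KEY = b"server-signing-key"                              # constructed
DEVICE_KEYS = {"laptop-A": b"key-A", "laptop-B": b"key-B"}      # constructed

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, device_id: str) -> str:
    """Mint a token whose 'cnf' claim names the device key it is bound to."""
    claims = json.dumps({"sub": subject, "cnf": device_id}, sort_keys=True).encode()
    sig = hmac.new(SERVER_KEY, claims, hashlib.sha256).digest()
    return _b64(claims) + "." + _b64(sig)

def make_proof(token: str, nonce: bytes, device_key: bytes) -> str:
    """Holder proves possession of the bound key over a fresh verifier nonce."""
    return hmac.new(device_key, nonce + token.encode(), hashlib.sha256).hexdigest()

def verify(token: str, nonce: bytes, proof: str):
    """Return the subject only if the token is genuine AND the proof came
    from the device named in 'cnf'; a replayed token alone is not enough."""
    try:
        claims_b64, sig_b64 = token.split(".")
        claims = _unb64(claims_b64)
    except ValueError:
        return None
    want_sig = hmac.new(SERVER_KEY, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(want_sig), sig_b64):
        return None                      # forged or tampered token
    body = json.loads(claims)
    device_key = DEVICE_KEYS.get(body.get("cnf"))
    if device_key is None:
        return None                      # bound to an unknown device
    if not hmac.compare_digest(make_proof(token, nonce, device_key), proof):
        return None                      # the "pass": token without the key
    return body["sub"]

def replay_is_rejected() -> bool:
    """Token issued to laptop-A, presented from laptop-B with its own key."""
    token = issue_token("alice", "laptop-A")
    nonce = secrets.token_bytes(16)      # per-request, chosen by the verifier
    good = verify(token, nonce, make_proof(token, nonce, DEVICE_KEYS["laptop-A"]))
    bad = verify(token, nonce, make_proof(token, nonce, DEVICE_KEYS["laptop-B"]))
    return good == "alice" and bad is None
```

Because the verifier picks the nonce per request, a captured proof is as useless as a captured token; the only thing that authorizes is the key that never leaves the device.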
If you're in Seattle for Cloud Native Security Con, come hang out tonight for some bites and good times .. all things workload identity! What is there not to love? See you there!
Last chance to sign up for the Workload Identity Happy Hour tonight in Seattle! Be sure to stop by if you're in town for Cloud Native Security Con 🔐🤫
https://t.co/mqvuQHojGO
Put some thoughts together on how to think about ACME and SPIFFE. The TL;DR is: ACME is about proving control of an identifier, while SPIFFE is about assigning and managing identifiers dynamically to enable the authorization of the subjects of those identifiers. https://t.co/GIAXPKTwxc
Wrote this short post yesterday on why multi-factor auth for machines in the form of hardware/software attestation is so important. Lots and lots of breaches involving single-factor creds like service accounts, etc...
Episode 166 "Workload Identity, Zero Trust and #SPIFFE (Also Turtles!)" of Cloud Security Podcast where hosts @anton_chuvakin and @_TimPeacock interview Evan Gilman (@evan2645) and Eli Nesterov (@elinesterov), co-founders @spirl_inc about identities https://t.co/4I9MMxqs68
In case you missed the SPIFFE Virtual meetup last month, here are the recordings. Thank you to presenters from Coinbase, Indeed, and HPE for sharing their insights and experiences https://t.co/Gjxj4D0zcj #SPIFFE #ZeroTrust
It is 2024; you wouldn't be rolling out new systems using passwords and no MFA, would you? Of course not -- it is probably time to rethink the way you do your workload and machine authentication too.
Psst… In case you want to hear me ranting for two hours about secrets, SPIFFE, SPIRE, Turtles, passport, piano, kids, teenagers, and Neurology,
this is the video recording of today's Enlightning »
https://t.co/HqWMmlz1rI
📢 Join me this Friday at 8:00 AM PST! I'm excited to be a special guest on @wiggitywhitney’s livestream. We'll dive into the world of SPIFFE, SPIRE, and turtles 🐢⚡️.
📅 Mark your Calendar to Enlighten⚡️: https://t.co/d7waARYPcE
#SPIFFE #SPIRE #ZeroTrust #Security #Tanzu
SSH3 with ACME just naturally solves the classical Trust On First Use problem of SSH for VMs with hostnames such as @Azure VMs.
Easily implemented in SSH3 v0.1.6 using @caddyserver's certmagic.✨
Native access to the HTTPS ecosystem in SSH is a real game changer, here's why:
Are you working with SPIFFE and wondering what should go into your SPIFFE ID? Check out our post where we teach you what to consider for your IDs.
https://t.co/ybVHbbLN8s
Using SPIFFE/SPIRE? Some systems like @IstioMesh have established conventions about how to encode identity with SPIFFE IDs, but you may be wondering how best to construct SPIFFE IDs… this is a GREAT blog from @QuintessenceAnx @spirl_inc https://t.co/vKImlVYSud
These two are such a fun couple of humans; both of them lift others up and share that incredible knowledge they've learned every day!
With @evan2645 and @sublimino
In operating system design, the user context in which tasks operate is factored into the design to ensure the desired security properties.
In application design, this consideration is often overlooked, with applications usually running as monolithic structures that are blindly trusted to function correctly.
The cloud typically employs a microservice-based design, which is similar to approaches used in operating systems. This is great, but unlike operating systems, these components are distributed.
This is an important distinction because these microservices largely still rely on blind trust that these components function as intended. While this blind trust is present in operating systems, it's more tolerable there since it all runs on a single host under a consistent security architecture.
In cloud systems, that's seldom the case, exposing systems to attacks and amplifying the blast radius of a compromise when it happens. This misplaced trust in components is often the reason for the frequent tenant boundary violations seen in multi-tenant systems.
By adopting cryptographic access controls and cryptographically verifiable auditing in these systems, inspired by how Signal incorporated cryptography and verifiability into messaging, we can move away from this blind trust.
This reduces the impact of breaches, enhancing the ability to respond effectively and promptly during security incidents.
We have some amazing speakers lined up for SPIFFE Community Day next Friday 🙌🙌🙌 you should definitely attend if you're able to! Hybrid event, but in-person attendees in SF will have an unconference bit at the end 😀 see you there!
https://t.co/OnmqvVEuSM