Morten Linderud
Morten is a Open-Source developer and maintainer interested in supply-chain security, Linux distributions and user friendly security tools. The past decade he has contributed to projects like Arch Linux, Reproducible Builds, OpenSSF and the "Linux Userspace API" (UAPI) group. When he doesn't spend his free time doing open-source development he works with devops at the Norwegian Broadcasting Corporation.
Session
IETF is standardizing a new ACME challenge, device-attest-01, which allows organizations to provision device bound certificates to machines, and enables machines to present signing certificates that can't be extracted out of machines they where intended for. This is useful for cases where you want to provide reverse proxies with mTLS with a strong sense of device identity.
attezt is intended to be a suite of tools to work the new device-attest-01 ACME challenges for Linux. It provides an ACME client, an attestation server with (simple) support for inventory systems and a PKCS11 agent which together enables the support of this ACME challenge on Linux.
This talk will give an introduction to the new ACME challenge, a quick rundown of how an attestation server works and how attezt works.
https://datatracker.ietf.org/doc/draft-ietf-acme-device-attest/
https://github.com/Foxboron/attezt