Attendees

• @ansasaki
• @aplanas
• @deeglaze
• @edwards-n
• @ematery
• @galmasi
• @husky-parul
• @Isaac-Matthews
• @kkaarreell
• @maugustosilva
• @mayaCostantini
• @marcostork
• @mdrocco
• @mbestavros
• @mheese
• @mruffin
• @mpeters
• Niteesh Dubey
• @ruocco
• @stringlytyped
• @stefanberger
• @THS-on
• @tpletcher-hpe
• @tylerfanelli
• @ueno
• @sarroutbi
• @sergio-correia
• @gnurugs
• Shiva Dasari
• Christian Schilling

Time: 23/07/2025 15:00 UTC (https://www.timeanddate.com/worldclock/fixedtime.html?msg=Keylime+Meeting\&iso=20250723T15)

Google Meet joining info
Video call link: https://meet.google.com/nos-bkdi-cnn
Or dial: ‪(DE) +49 30 300195060‬ PIN: ‪607 390 654 8381‬#
More phone numbers: https://tel.meet/nos-bkdi-cnn?pin=6073906548381
Or join via SIP: sip:[email protected]

Topics

• Push model updates
  • #keylime-push-attestation channel on CNCF Slack
  • Publicly accessible project: Agent-driven attestation
  • We achieved a big milestone: a complete attestation
    • Next steps:
      • Make the attestation continuous
      • Make the agent resilient to common network issues
• Keylime and Post-Quantum Cryptography
• Mentorship project CMW, EAT in collaboration with Veraison
  • Veraison Mentorship: Harmonizing Open-Source Verifiers with RATS Standards veraison/.github#6
• Enhancements:
  • One shot attestation: Create enhancement #121 - Verification API enhancements#122
    • Enhancement merged, implementation proposed #1753
  • TEE Boot Attestation: TEE Boot Attestation proposal enhancements#108
    • Closed as it became stale. A new related en hancement proposal was created
  • 123_verifier_evidence_types123_verifier_evidence_types enhancements#124
    • Newly open, about supporting other evidences types in the one-shot attestation endpoint
  • 126_verify_evidence_jwt 126_verify_evidence_jwt enhancements#127
    • Add JWT format response for the one-shot attestation endpoint
  • Adding enhancement #98 for SPIRE integrationAdding enhancement #98 for SPIRE integration enhancements#100
    • Merged, implementation in https://github.com/keylime/spire-keylime-plugin
• Open PRs:
  • Keylime:
    • #1781 - fix: resolve extreme line-too-long violations in keylime/tenant.py
    • #1780 - Fix minor typo (exponantial->exponential)
    • #1777 - Add support for CMW evidence format - server side
    • #1753 - Initial version of verify evidence enhancement
    • #1731 - Push authentication
    • #1715 - Allow separate CA and logging configurations for components
    • #1693 - Add agent-driven (push) attestation protocol
    • #1670 - Add webhook for receiving and modifying registrar identity trust decisions
    • #1668 - Add support for EK Certificate Chain, resolves #1552
    • #1545 - Add support for a reject list in runtime policy
  • Agent:
    • #1061 - Groom code (remove dead code)
    • #1051 - add support for CMW evidence format - agent side
    • #1043 - build(deps): bump clap from 4.5.39 to 4.5.41
    • #1027 - build(deps): bump pest from 2.8.0 to 2.8.1
    • #1025 - build(deps): bump actix-web from 4.10.2 to 4.11.0
    • #1023 - build(deps): bump cfg-if from 1.0.0 to 1.0.1
    • #1015 - build(deps): bump openssl from 0.10.72 to 0.10.73
    • #986 - Update rust-config to 0.15
    • #658 - Remove deprecated zmq revocation notification feature