Matthew Garrett on Nostr: Why do you care that the certs are fresh? If you encode group membership in certs you ...
Why do you care that the certs are fresh? If you encode group membership in certs you want to have an upper bound on how long someone can continue to access a resource after being removed from a group. The TPM clock is monotonic based on the TPM being powered, so you can just subtract the attestation time from the current TPM time and get an upper bound on how long ago the cert was issued.
Published at 2024-08-14 05:05:50

Event JSON
{
"id": "64604569f44212528b8022867a5069ecfb939740d1420e925d5949282660fda0",
"pubkey": "ef5e80e6c74387ef14f5c6b89079f22b6847dc14365001c0ed662a20bd891677",
"created_at": 1723611950,
"kind": 1,
"tags": [
[
"e",
"4e6649b7f60286eb5edc6f583d6fb16c09590844a1d00aab92a51bf493c76b43",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://nondeterministic.computer/users/mjg59/statuses/112958632756192789",
"activitypub"
]
],
"content": "Why do you care that the certs are fresh? If you encode group membership in certs you want to have an upper bound on how long someone can continue to access a resource after being removed from a group. The TPM clock is monotonic based on the TPM being powered, so you can just subtract the attestation time from the current TPM time and get an upper bound on how long ago the cert was issued.",
"sig": "c365a0044956f1d7683431af14d958f074d79b6bcf628a34b7b03d979578f0d705fd513ac8963ab6c60b9fe1418320710a3a15ded7f8156530498bc0dfdcadba"
}
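
The subtraction described in the post, as an added example (not code from the post or its author): it parses two marshalled TPMS_CLOCK_INFO structures, assumed to come from attestations whose signatures were already verified, and enforces a maximum age measured in TPM Clock milliseconds. The function names, the fail-closed policy and the sample values are assumptions of this example.

```python
import struct
from dataclasses import dataclass

# TPMS_CLOCK_INFO as marshalled by a TPM 2.0 (big-endian): UINT64 clock
# (ms, advances while the TPM is powered), UINT32 resetCount,
# UINT32 restartCount, BYTE safe.
CLOCK_INFO = struct.Struct(">QIIB")

@dataclass(frozen=True)
class ClockInfo:
    clock_ms: int
    reset_count: int
    restart_count: int
    safe: bool

def parse_clock_info(blob: bytes) -> ClockInfo:
    if len(blob) != CLOCK_INFO.size:
        raise ValueError(f"TPMS_CLOCK_INFO must be {CLOCK_INFO.size} bytes")
    clock, resets, restarts, safe = CLOCK_INFO.unpack(blob)
    if safe not in (0, 1):
        raise ValueError("safe must be 0 or 1")
    return ClockInfo(clock, resets, restarts, bool(safe))

def cert_age_ms(at_issue: ClockInfo, now: ClockInfo) -> int:
    """TPM Clock milliseconds between the issuing attestation and now."""
    # The rejections below are policy assumptions of this example (fail closed).
    if not now.safe:
        # safe == NO: a larger Clock value may already have been reported,
        # so the delta could understate the age.
        raise ValueError("current Clock is not marked safe")
    if now.clock_ms < at_issue.clock_ms or now.reset_count < at_issue.reset_count:
        # Clock or resetCount moved backwards: treat as a cleared or different TPM.
        raise ValueError("TPM clock went backwards since issuance")
    return now.clock_ms - at_issue.clock_ms

def cert_is_fresh(at_issue: bytes, now: bytes, max_age_ms: int) -> bool:
    try:
        age = cert_age_ms(parse_clock_info(at_issue), parse_clock_info(now))
    except ValueError:
        return False
    return age <= max_age_ms

# Constructed sample values, not captured from a real TPM.
ISSUED = CLOCK_INFO.pack(3_600_000, 4, 0, 1)   # cert issued at Clock = 1 h
LATER = CLOCK_INFO.pack(5_400_000, 5, 0, 1)    # 30 min of Clock later, one reset
UNSAFE = CLOCK_INFO.pack(5_400_000, 5, 1, 0)   # same Clock, safe == NO
```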