Bram Verburg

That's odd, I'm pretty sure PKCS7 support was never added to X509, so it can't have been removed. I did once [publish](https://elixirforum.com/t/how-can-i-generate-pkcs7-file/46938) a quick-and-dirty sample PKCS7 implementation. Did you perhaps...

Ah, I suppose I must have had that file in my local directory when publishing 0.8.5 to Hex, and Hex picked it up from there. It was never committed to...

The DER encoded octet string is the last element in the tuple (or rather, Extension record), starting with . You'd have to either generate a parser based on the ASN.1...

Ok, so assuming the nonce length is always 32 bytes, and therefore none of the ASN.1 entities will every require multi-byte length encoding (which is needed for structures >127 bytes,...

(If you don't care about robustness in case of changes on Apple's side at all, you could just do `nonce = String.slice(ext_value, -32, 32)`, of course 😈)

Let's collect some thoughts here, we can discuss in the next meeting how we want to turn this into actionable tasks/projects/documents. I would suggest we try to answer the following...

> What kind of supply chain security issues are we trying to protect against? Some possibilities: * Typosquatting * Dependency confusion (public package with a name matching somebody's private package)...

Erlang distribution protocol: overview, risks, EPMD, network interface binding, security mechanisms, TLS transport, ...

Interaction with the host OS executables/processes: ports, os:cmd, NIFs, `erl_child_setup`, `erlsrv`, `heart`, ...

Introspection: observer, crash dumps, remote console, `to_erl`