πΎ Archived View for gem.benscraft.info βΊ mailing-list βΊ messages βΊ 233 captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
β¬ οΈ Previous capture (2021-12-03)
-=-=-=-=-=-=-
- nervuri <nervuri at disroot.org>
@ Thu, 15 Apr 2021 13:32 +0000
Reply to Mansfield <mansfield at ondollo.com>
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
On Thu, 2021-04-08, Mansfield wrote:
I'm curious... is there *any* server that is running where the code
being run can be verified? I could see someone saying, "I'm running the
open source version of FOO as the server", but they could have tweaked
it to be FOO' or something... thoughts?
Look into remote attestation - TPM-based cryptographic assurance that
remote code is what it's supposed to be. It's a DRM-type scheme,
relying on a secret key being stored in hardware, so it's not ultimately
trustworthy, but it does raise the bar. Signal makes use of the Intel
SGX variant [1], although it has its share of problems [2].
SGX allows applications to provision a βsecure enclaveβ that is
isolated from the host operating system and kernel, similar to
technologies like ARMβs TrustZone. SGX enclaves also support remote
attestation. Remote attestation provides a cryptographic guarantee of
the code that is running in a remote enclave over a network.
An SGX enclave on the server would enable a service to perform
computations on encrypted client data without learning the content of
the data or the result of the computation.
[1] https://signal.org/blog/secure-value-recovery/#deus-sgx-machina
[2] https://medium.com/@maniacbolts/signal-increases-their-reliance-on-sgx-f46378f336d3
As for your application, I agree with Jason McBrayer: good idea, but I
would not use or recommend it unless it is libre software.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ