💾 Archived View for rawtext.club › ~sloum › geminilist › 006363.gmi captured on 2023-12-28 at 16:20:42. Gemini links have been rewritten to link to archived content


[users] Public Gemini hosting?

nervuri nervuri at disroot.org

Thu Apr 15 14:32:55 BST 2021

- - - - - - - - - - - - - - - - - - - 

On Thu, 2021-04-08, Mansfield wrote:

I'm curious... is there *any* server that is running where the code
being run can be verified? I could see someone saying, "I'm running the
open source version of FOO as the server", but they could have tweaked
it to be FOO' or something... thoughts?

Look into remote attestation - TPM-based cryptographic assurance that remote code is what it's supposed to be. It's a DRM-type scheme, relying on a secret key being stored in hardware, so it's not ultimately trustworthy, but it does raise the bar. Signal makes use of the Intel SGX variant [1], although it has its share of problems [2].

SGX allows applications to provision a “secure enclave” that is
isolated from the host operating system and kernel, similar to
technologies like ARM’s TrustZone. SGX enclaves also support remote
attestation. Remote attestation provides a cryptographic guarantee of
the code that is running in a remote enclave over a network.
An SGX enclave on the server would enable a service to perform
computations on encrypted client data without learning the content of
the data or the result of the computation.

[1] https://signal.org/blog/secure-value-recovery/#deus-sgx-machina
[2] https://medium.com/@maniacbolts/signal-increases-their-reliance-on-sgx-f46378f336d3

As for your application, I agree with Jason McBrayer: good idea, but I would not use or recommend it unless it is libre software.
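The attestation flow described in the reply above, as an added example that is not part of the original post and is not Signal's, SGX's or any TPM vendor's code: a simulated hardware key signs the measurement of the server binary together with a verifier-chosen nonce, and the verifier checks freshness, signature and measurement against the build it expects. Everything here is constructed for illustration: the hardware key is an HMAC secret shared with the verifier (real TPM/SGX attestation uses an asymmetric key with a vendor certificate chain, which is the "secret key stored in hardware" the post refers to), and the "binaries" are inline byte strings standing in for FOO and FOO'.

```python
"""Toy remote-attestation exchange (constructed example).

Attester: measures the code it is about to run, then has the hardware key
sign (nonce || measurement).  Verifier: checks the nonce is the one it just
sent, that the signature comes from the hardware key, and that the
measurement equals the hash of the published open-source build.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Constructed stand-in for the key burned into the attesting hardware.
# Assumption: shared HMAC secret; real schemes use an asymmetric key plus a
# certificate chain so the verifier never holds the signing secret.
HARDWARE_KEY = b"constructed-attestation-key"

# The published, open-source server build ("FOO" in the thread).
GOOD_SERVER_BINARY = b"gemini-server v1.0: serves gemini://"
# A locally modified build ("FOO'") that is indistinguishable from outside.
TWEAKED_SERVER_BINARY = b"gemini-server v1.0: serves gemini:// and logs client certs"


def measure(binary: bytes) -> str:
    """Measurement = SHA-256 over the code to be launched (PCR / MRENCLAVE analogue)."""
    return hashlib.sha256(binary).hexdigest()


def hardware_sign(key: bytes, nonce: bytes, measurement: str) -> str:
    """Signature over (nonce || measurement) using the (simulated) hardware key."""
    return hmac.new(key, nonce + measurement.encode(), hashlib.sha256).hexdigest()


def attest(binary: bytes, nonce: bytes) -> Dict[str, str]:
    """Attester side: produce a quote binding the measurement to the verifier's nonce."""
    m = measure(binary)
    return {"measurement": m, "nonce": nonce.hex(), "signature": hardware_sign(HARDWARE_KEY, nonce, m)}


def verify(quote: Dict[str, str], expected_measurement: str, nonce: bytes) -> Tuple[bool, str]:
    """Verifier side: freshness first, then authenticity, then the actual policy check."""
    if quote["nonce"] != nonce.hex():
        return False, "stale nonce (replayed quote)"
    expected_sig = hardware_sign(HARDWARE_KEY, nonce, quote["measurement"])
    if not hmac.compare_digest(quote["signature"], expected_sig):
        return False, "bad signature (not produced by the hardware key)"
    if quote["measurement"] != expected_measurement:
        return False, "measurement mismatch (running code differs from published build)"
    return True, "ok"


def run_exchange(binary_on_host: bytes, mode: str = "honest") -> Tuple[bool, str]:
    """Drive one verifier <-> attester round trip and return the verifier's verdict.

    mode: "honest"  - host attests whatever it is actually running
          "replay"  - host resends a quote captured in an earlier session
          "forge"   - host claims the good measurement without the hardware key
    """
    expected = measure(GOOD_SERVER_BINARY)  # verifier rebuilds FOO reproducibly
    nonce = secrets.token_bytes(16)
    if mode == "replay":
        quote = attest(GOOD_SERVER_BINARY, secrets.token_bytes(16))
    elif mode == "forge":
        quote = {"measurement": expected, "nonce": nonce.hex(),
                 "signature": hardware_sign(b"not-the-hardware-key", nonce, expected)}
    else:
        quote = attest(binary_on_host, nonce)
    return verify(quote, expected, nonce)


if __name__ == "__main__":
    print("honest FOO :", run_exchange(GOOD_SERVER_BINARY))
    print("tweaked FOO':", run_exchange(TWEAKED_SERVER_BINARY))
    print("replayed    :", run_exchange(GOOD_SERVER_BINARY, "replay"))
    print("forged      :", run_exchange(GOOD_SERVER_BINARY, "forge"))
```

The ordering in `verify` matters: the nonce check rejects replays before any crypto is done, and the signature check ensures the measurement was reported by the hardware rather than typed in by the operator. The remaining trust assumption, as the post says, is the hardware key itself: whoever can extract or emulate it can produce a valid quote for any measurement, which is why attestation raises the bar without making the host fully trustworthy.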