undefined | Better HN

0 pointszeeboo7y ago0 comments

And yet, all of the routers are not audited, and I presume you believe in the security of some applications that use them. In other words, the trusted base of the system does not depend on all of the components in the system (you start with the assumption that any closed components are hostile). The keybase servers are exactly the same.

The answer is that they do have things to hide: anti-spam/anti-scam systems, for example. The question is if they are hiding something that matters for security. You can determine this by auditing only the client.

Sure, open source software is great, and has many uses. In this case, it has no use in ensuring that keybase is secure. Somehow, you don't have to trust a great many components in the secure software you use on a daily basis, and yet you have to trust keybase's servers because.. reasons? And somehow this trust is important even though you'd still be blindly trusting that they're running what you hope.

I won't argue that some people would benefit from the server being open source, but to argue that open sourcing it has anything to do with security is just inane and FUD.

0 comments

5 comments · 2 top-level

josh26007y ago· 2 in thread

The question boils down to "what can an attacker learn by owning the server" and right now you don't know. You can pretend that doesn't matter, but it's not inane or FUD.

You have to model the whole system to understand the threat model. Anything less is blind trust.

zeebooOP7y ago

You can know exactly what the attacker can learn because you can see ALL of the information that your client passes to the server by auditing ONLY the client. Your argument applies equally well to every single router or middle box on the internet, and it's just as wrong there.

You prove that it doesn't matter by assuming that keybase is running the most malicious code possible, auditing your client, and deciding that the system is still secure. This is what auditing the client means.

Additionally, to bring up this fact again because it has only been hand-waved away: Even if the server was open source, there is no guarantee they are running that code. Thus, there is no benefit to security until systems exist (somehow?) to prove the server is running the code you expect.

Double additionally: even IF you can prove that the server is running what you expect, how do you know that some box, after https is peeled off, but before the request makes it to the server, is not sending the same request off to some other, malicious, server?

josh26007y ago

I am going to say this one more time because I think it's a real point and I think you're dismissing it out of hand is unreasonable: there are things that can be learned from the server.

It's one thing to tell people that you aren't logging anything. It's another thing to show everyone you're not logging anything except the account creation date and last access date by open sourcing the software and then show exactly that in a response to a national security letter: https://www.aclu.org/open-whisper-systems-subpoena-documents.

1 more reply

inetknght7y ago· 1 in thread

> And yet, all of the routers are not audited, and I presume you believe in the security of some applications that use them.

Why do you presume that? I certainly don't believe in the security of many applications that I use. I generally try to avoid putting any damaging information into them though.

zeebooOP7y ago

I didn’t say you believe in the security of every application, I said you believe in the security of some applications. For example, websites secured by https do not require the security of routers to be secure.

j / k navigate · click thread line to collapse

0 comments

5 comments · 2 top-level

josh26007y ago· 2 in thread

The question boils down to "what can an attacker learn by owning the server" and right now you don't know. You can pretend that doesn't matter, but it's not inane or FUD.

You have to model the whole system to understand the threat model. Anything less is blind trust.

zeebooOP7y ago

josh26007y ago

I am going to say this one more time because I think it's a real point and I think you're dismissing it out of hand is unreasonable: there are things that can be learned from the server.

1 more reply

inetknght7y ago· 1 in thread

> And yet, all of the routers are not audited, and I presume you believe in the security of some applications that use them.

Why do you presume that? I certainly don't believe in the security of many applications that I use. I generally try to avoid putting any damaging information into them though.

zeebooOP7y ago

j / k navigate · click thread line to collapse