undefined | Better HN

0 pointsjosh26007y ago0 comments

Just to be clear, code running on a remote server is not code running in the client. Just because the server attests to the client doesn’t mean the client is running that code. You still have to do all of the threat modeling for the attested code differently from the threat modeling for the client.

I’m not yet prepared to publicly get into all of the nuances of SGX, but I think it’s worth noting that there’s something very interesting happening there. I look forward to being able to discuss my team’s technical findings on the subject in public.

To summarize why this is so interesting: the attack surface is the whole system. Enclaves let us extend parts of our trust model to systems we don’t own. That is a real change and, if it works, it’s going to change how systems are designed at a deep level. The problem is that there aren’t very many working implementations of sgx in the Wild (signal is the only one I know of).

We’ll see where the wind blows.

0 comments

3 comments · 1 top-level

zeeboo7y ago· 2 in thread

Enclaves are interesting, and I also look forward to all of the new things they allow. But all of that has nothing to do with open sourcing the server being important for security if given the ability to audit the client, and the client is not designed to require a cooperating server.

I'm tired of trying to get you to understand this point and have you respond with red-herrings and FUD. Please be intellectually honest when asking keybase to open source their server in the future, and don't claim that it's relevant to the security of the system.

josh2600OP7y ago

The openness of the code is always relevant to the security of the system. To pretend otherwise is dishonest.

Good day.

zeeboo7y ago

I'll believe you once you tell me how the openness of a core internet router is important to the security of visiting a website over https. Good job keeping up the FUD!

1 more reply

j / k navigate · click thread line to collapse