[users] Public Gemini hosting?

nervuri nervuri at disroot.org
Thu Apr 15 14:32:55 BST 2021

On Thu, 2021-04-08, Mansfield wrote:
>I'm curious... is there *any* server that is running where the code
>being run can be verified? I could see someone saying, "I'm running the
>open source version of FOO as the server", but they could have tweaked
>it to be FOO' or something... thoughts?

Look into remote attestation - TPM-based cryptographic assurance that
remote code is what it's supposed to be.  It's a DRM-type scheme,
relying on a secret key being stored in hardware, so it's not ultimately
trustworthy, but it does raise the bar.  Signal makes use of the Intel
SGX variant [1], although it has its share of problems [2].

>SGX allows applications to provision a “secure enclave” that is
>isolated from the host operating system and kernel, similar to
>technologies like ARM’s TrustZone. SGX enclaves also support remote
>attestation. Remote attestation provides a cryptographic guarantee of
>the code that is running in a remote enclave over a network.

>An SGX enclave on the server would enable a service to perform
>computations on encrypted client data without learning the content of
>the data or the result of the computation.

[1] https://signal.org/blog/secure-value-recovery/#deus-sgx-machina
[2] https://medium.com/@maniacbolts/signal-increases-their-reliance-on-sgx-f46378f336d3

As for your application, I agree with Jason McBrayer: good idea, but I
would not use or recommend it unless it is libre software.

More information about the Gemini mailing list