[users] Public Gemini hosting?
nervuri at disroot.org
Thu Apr 15 14:32:55 BST 2021
On Thu, 2021-04-08, Mansfield wrote:
>I'm curious... is there *any* server that is running where the code
>being run can be verified? I could see someone saying, "I'm running the
>open source version of FOO as the server", but they could have tweaked
>it to be FOO' or something... thoughts?
Look into remote attestation - TPM-based cryptographic assurance that
remote code is what it's supposed to be. It's a DRM-type scheme,
relying on a secret key being stored in hardware, so it's not ultimately
trustworthy, but it does raise the bar. Signal makes use of the Intel
SGX variant, although it has its share of problems.
>SGX allows applications to provision a “secure enclave” that is
>isolated from the host operating system and kernel, similar to
>technologies like ARM’s TrustZone. SGX enclaves also support remote
>attestation. Remote attestation provides a cryptographic guarantee of
>the code that is running in a remote enclave over a network.
>An SGX enclave on the server would enable a service to perform
>computations on encrypted client data without learning the content of
>the data or the result of the computation.
As for your application, I agree with Jason McBrayer: good idea, but I
would not use or recommend it unless it is libre software.
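
Added example, not part of the original message: a Python illustration of the measurement side of TPM-style remote attestation, showing why a server running a tweaked FOO' cannot pass as the released FOO. The component names and blobs are constructed sample data, and the quoted PCR value is assumed to come from a quote whose hardware-key signature and fresh nonce have already been verified (that step is not shown).

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return sha256(pcr + digest)

def replay(event_log):
    """Recompute the PCR from an ordered log of (name, blob) events."""
    pcr = bytes(32)  # assumption: a PCR that resets to all zeros
    for _name, blob in event_log:
        pcr = extend(pcr, sha256(blob))
    return pcr

def verify(quoted_pcr, event_log, known_good):
    """Verifier side: the log must replay to the quoted PCR, and every
    measured component must match its known-good digest."""
    if replay(event_log) != quoted_pcr:
        return "log does not replay to quoted PCR"
    for name, blob in event_log:
        if known_good.get(name) != sha256(blob):
            return "unexpected measurement: " + name
    return "ok"

def demo():
    # Constructed sample data standing in for real boot components.
    boot = [("bootloader", b"bootloader v1"), ("kernel", b"kernel v1")]
    released = boot + [("server", b"FOO 1.0 release build")]
    tweaked = boot + [("server", b"FOO' with local patches")]
    known_good = {name: sha256(blob) for name, blob in released}
    return (
        # Honest host running the released build.
        verify(replay(released), released, known_good),
        # Host running FOO' and reporting its log truthfully.
        verify(replay(tweaked), tweaked, known_good),
        # Host running FOO' but sending the released build's log.
        verify(replay(tweaked), released, known_good),
    )

if __name__ == "__main__":
    print(demo())
```

The third case is the one the hardware key matters for: the host can send any log it likes, but it cannot forge a signed PCR value that the log replays to.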