Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Any way to make code running on a cloud service publicly verifiable?

On 2012-09-20 18:08 +0900 (Thu), Stephen J. Turnbull wrote:

> Curt Sampson writes:
>  > Well, the obvious thing to do here is really just to make a tar archive
>  > of the source you're going to upload and sign that.
> Sure, that's the standard approach.  The potential problem is that now
> the trusted provider has to authenticate the archive uploaded to the
> secure AMI against your signature *and* against the version you've
> published for users to audit.

I would think you'd have the server allow downloads of the version it's
running, rather than worry about having the user get something the
server already has from somewhere else.

> Yeah, I thought about that.  I don't see how it's a reduction in
> attack surface, though.  It's just a question of how reliable the
> chained SHA1 is, but that's the only point of attack I can see.

I wouldn't be confident that that's the only new area of attack without
further analysis, and even just the question of the reliability of the
chained SHA1 is not trivial. (If it were, we wouldn't be using things
such as HMACs instead of straight hashes.)

Curt Sampson         <>         +81 90 7737 2974

It is easier to write an incorrect program than understand a correct one.
    --Alan Perlis, Epigrams on Programming (#7)

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links