Remix.run Logo
mjg59 3 hours ago

You say that, and also remote attestation is how Signal knows it's talking to a legitimate SGX enclave running the expected payload

greyface- 2 hours ago | parent | next [-]

> running the expected payload

SGX does not cryptographically guarantee this. It cryptographically guarantees that the processor contains a legitimate provisioning key signed by Intel. Intel pinky promises that its processor will then only use this provisioning key in certain ways. This promise is essentially unauditable, and previous SGX bugs have shown that Intel isn't really in a position to make it anyway.

gucci-on-fleek 43 minutes ago | parent [-]

You are 100% correct, but this is still mostly fine: without SGX, you need to completely trust Signal, since it could trivially modify the server-side code. But with SGX, you only need to trust that Signal and Intel won't both collude.

The most likely attacks on Signal involve trusted insiders or configuration errors, and SGX mostly prevents these, since to exploit it, you'd need to bribe insiders in both Signal and Intel, or find configuration errors in both of their software stacks.

Collusion is certainly still possible, but it's much harder to pull off, since it typically requires nation-state-level resources to exploit. Signal does actually have nation-state adversaries, but the vast majority of other software projects don't.

(I personally think that remote attestation is the single biggest risk to the free software movement, but I begrudgingly accept that Signal is a very good use case for it.)

Zak 2 hours ago | parent | prev | next [-]

There's some value in that, but Signal's main security proposition is that you don't have to trust the infrastructure. E2EE means even compromised server software can't read message contents.

gruez an hour ago | parent [-]

He's talking about contact discovery, which can't be solved by just slapping e2ee on it

lcvw 3 hours ago | parent | prev | next [-]

I definitely want to do a post on confidential computing as well. Super cool stuff.

throwaway7679 3 hours ago | parent [-]

Maybe you could do a post on... remote attestation.

That is, the thing that people are actually talking about when they use that term: The means for companies and governments to usurp the ownership of consumer devices.

mindslight 2 hours ago | parent | prev [-]

Being able to come up with compelling use cases for a technology does not redeem that technology from creating a terrible power imbalance that incentives will mean is inevitably abused. Whenever anyone hears "remote attestation", they should think of the already-pervasive Cloudflare CAPTCHA nagwalls, and then think of those becoming something you can only get past by buying a new computer running a proprietary locked-down OS and browser.

The only way to make remote attestation into a neutral technology is to prohibit privileged keys being loaded (and retained) by device manufacturers. This would make it impossible for arbitrary protocol counterparties to know if their attestation requests are being answered by hardware, or merely emulated in software. This approach is the only way to preserve computing freedom (ie the very concept of protocols that mediate between mutually-untrusting parties) in the presence of this technology.