Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Date: Thu, 20 Sep 2012 18:08:21 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- References: <CA+su7OWvHruqQ8MVWKqkGNSwrnLS0GeZECk=B4P4AwWN=qR8eg@mail.gmail.com> <87627grg2i.fsf@uwakimon.sk.tsukuba.ac.jp> <20120915065609.GB9846@homeric.cynic.net> <87wqzvpci6.fsf@uwakimon.sk.tsukuba.ac.jp> <20120915152427.GA32537@homeric.cynic.net> <87txuypjck.fsf@uwakimon.sk.tsukuba.ac.jp> <20120920004427.GA6656@homeric.cynic.net>
Curt Sampson writes: > Well, the obvious thing to do here is really just to make a tar archive > of the source you're going to upload and sign that. Sure, that's the standard approach. The potential problem is that now the trusted provider has to authenticate the archive uploaded to the secure AMI against your signature *and* against the version you've published for users to audit. If you don't make very many changes, probably not a problem (except in your wallet, I'm sure they'll charge you for this! ;-) > It's a lot simpler and a huge reduction in attack surface. Thinking > about it, the whole idea of invovling git (or any other RCS) at all > now seems bad to me. Yeah, I thought about that. I don't see how it's a reduction in attack surface, though. It's just a question of how reliable the chained SHA1 is, but that's the only point of attack I can see.
- Follow-Ups:
- References:
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Edmund Edgar
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Stephen J. Turnbull
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Curt Sampson
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Stephen J. Turnbull
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Curt Sampson
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Stephen J. Turnbull
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Curt Sampson
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- Prev by Date: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Next by Date: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Previous by thread: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Next by thread: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |