6. One downside is that it creates really strong incentives for someone to find a vulnerability of any kind, including in the hardware.
7. This is true of any remote attestation scheme, as documented here: https://www.blackhat.com/docs/us-17/thursday/us-17-Swami-SGX-Remote-Attestation-Is-Not-Sufficient-wp.pdf
8. In the case of Intel's SGX, the issue is even worse because even if the hardware isn't compromised, every remote attestation uses "Intel Attestation Service", which isn't end-to-end protected.
9. That attestation service validates the enclave's signature, returning a success/failure message, then signed with an Intel key. However, nothing prevents Intel from being compelled to sign a falsified response! A client would have no way of telling the difference.
10. So in summary, cool concept! I just have some questions about the implementation. Would love to discuss w the team or see an expanded whitepaper when it's available.
Replying to @AriannaSimpson
I would like to know what @zooko thinks about this
Replying to @deezthugs @AriannaSimpson
I haven't studied SGX and I am relying on people whose opinions I respect, including Arianna.
I *can* say that I wouldn't be satisfied with an architecture that makes every user vulnerable to Intel.
Or Intel’s online (!) provisioning system getting compromised.
N.B. Matthew Green is absolutely one of the best people in the world to rely on for evaluations of such issues.
That's a weird way of saying @AriannaSimpson is right, but I totally agree.