I'm not sure its a problem worth solving, you have to trust the provider, because bugdoors are perfect and plausibly deniable. If you distribute a targeted backdoor to one user, you might get caught, but w/bugdoor, just say "oops, please be responsible" if someone catches you.
-
-
Replying to @taviso @alexstamos and
Eh, and? That still means a big gap between web and native has been closed, at least in the handwavy, needs-to-be-specced thread I linked. Moves web from “always updating” to something more akin to defined instal/update points, which the provider can control and user audit
1 reply 0 retweets 3 likes -
Replying to @sleevi_ @alexstamos and
and... what will the user be auditing for? That there are no backdoors, but might still be bugdoors? Is that really useful?
1 reply 0 retweets 0 likes -
Replying to @taviso @alexstamos and
Considering the discussion was about web-vs-native, and this could make them equivalent in auditability, yes? I’m not arguing it gets you away from “trust the provider”, but it certainly gets you away from, say, having to trust me to police CAs in order to protect your updaters
1 reply 0 retweets 1 like -
Replying to @sleevi_ @alexstamos and
Which specific characteristic is desirable, that we can check we got the same binary? I mean, I suppose that does mean less reliance on CA, it's far more common to have malicious or compromised provider?
1 reply 0 retweets 0 likes -
Replying to @taviso @alexstamos and
Today’s Web model means attacker who pops provider or channel can serve arbitrary updates / code, including targeted to individual users. Native’s defense is to do codesigning/TUF so attacker has to compromise that key/source code. Web has **no** equivalent protection, not yet.
2 replies 1 retweet 4 likes -
Replying to @sleevi_ @alexstamos and
Ah-ha, you're not concerned about a malicious provider, or provider ordered to insert a backdoor - only a compromised provider who is unwittingly serving a backdoor. I agree there's not parity there, although not sure native story is so great either!
1 reply 0 retweets 3 likes -
This Tweet is unavailable.
-
This Tweet is unavailable.
-
This Tweet is unavailable.
That's what I would do. You shouldn't do it because of crypto backdoors though, because that won't help at all. If it's because you want the application safely contained from the rest of the system, then that is a good reason.
-
This Tweet is unavailable.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.