Open mpldr opened 5 months ago
?
Spot is not responsible for booting a computer.
But it could do that! Like manage secureboot signatures and setup the tpm so you can boot the machine.
What's the necessity of this request? Spot is a strange project which is not associated with launching an operating system. Do you realize that this is a complex request that requires hardware interpretation and collaboration?
The necessity is that a compromised computer running spoton could run a non-trustworthy version thus compromising the mesh.
TPM or whatever cannot guarantee that the libraries on your system which are used to access the chip are not compromised. I mean, you need to go through your operating system to get to the chip, right?
Yes, which is why secureboot is essential here.
If the OS is infected, a secure boot would seem like a meaningless activity. OK, OK, assume I don't know anything about a secure boot. And suppose that I assume that the chip and the secure boot thing are fine and dandy. Now suppose that some portions of the OS behave normally. So, everything appears fine. However, when applications begin accessing the chip, those accesses are redirected. And they are redirected such that the redirections are correct enough to trick you and the applications. It's possible because it isn't difficult.
Is a TPM an ASIC?
An excellent question. I would argue it is. The AS part being cryptography.
Impersonation of a TPM isnt really possible as the TPM contains the keys and doesn't hand them out.
I'm not suggesting that the TPM is the problem. The interface is the problem. You can't communicate with the TPM without using the OS. I mean, the OS provides the interface.
Unless you write your own C or C++ interface which must be totally free of any OS facility. You would have to trust the C library, etc.
Sure, but the same is true for syscalls which you rely on for networking. It's turtles all the way down.
There is grub which is studied by many people and this would not be. Grub has secure modes.
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot
I don't know if grub as itself is secure, but it can delegate security to other security things.
Do you like Spot-On?
I hope that answers it. Not sure what the ultimate point you were going for was, though.
Why don't you like it?
Just to make sure, you opened the "Yes and no"-answer? (just click it)
Things I dislike/don't understand:
That being said, it is an impressive project. I just fail to see a reason to use it over something more wide-spread as it does not even provide a tangible benefit to one of the more specialised, but widely-available solutions. (for example IMAP clients for the phone can already sign and encrypt)
Maybe I am just not the target audience or don't get that this is a kind of research project, though.
I am afraid, this is coming across as some kind of project bashing, which it is not intended to be. I just see a certain level of danger in cryptography tools that provide normies with many tools they might not understand. This is the way I originally found this repo: By way of someone pointing me here, using it as some sort of silver bullet for all things privacy.
Spot-On was one of the first to include encrypted real-time messaging over e-mail. It's Poptastic. In 2014. Spot-On introduced it with encryption in the first release. Not only that, one could establish new communication keys through the e-mail protocol.
https://sourceforge.net/p/spot-on/code/3763/
MS introduced it in 2015 and the article mentions a company in 2013.
Spot-On was not created by a team of people.
The article doesn't mention encryption.
Spot-On implements its own SCTP layer. Qt later introduced SCTP.
Spot-On contains its own Web server and search engine. It also includes a process of collecting complete Web content and storing it in PostgreSQL or SQLite databases in encrypted containers. The Web search functions on tablets, Lynx, PlayStation, and even the Wii. A separate process allows for the collected pages to be uploaded automatically to GH. I do that via a passively-cooled computer. This small computer collects, archives, and shares.
Spot-On builds and functions on Android. This is an experimental mode because of libgcrypt. See the image in the README.md. That is an Android build.
Spot-On includes a distributed and reliable file-sharing protocol. It's TCP on the Echo. The trustworthiness of the peers is irrelevant.
Spot-On compiles natively on Pi, Sparc, Apple Silicon. At some point, it was running on Alpha processors and OpenBSD.
It functions with or without TLS. It includes SMP over an asynchronous environment.
Spot-On functions over Tor.
Spot-on allows me to play QtChess over an encrypted channel through a mode called Local Private Application Interfaces. I don't need ssh tunnels or Tor especially.
How is the documentation hidden? https://github.com/textbrowser/spot-on/blob/master/branches/trunk/Documentation/Spot-On.pdf
It includes a mail mode called Institutions. This is separate of IMAP and POP. One can house e-mail of people without being able to read it. The feature is complicated.
Did not mention PowerPC natively functioning. Now I did. :)
Spot-On created Echo Public Key Share well before Autocrypt (https://en.wikipedia.org/wiki/Autocrypt). EPKS is a mechanism for distributing public keys privately to one or more destinations, similar to Autocrypt (which is through e-mail) but better. :)
Server-less P2P is also included. In this mode, accept() does not exist. This mode works over TLS too.
Server-less P2P Spot-On includes a mechanism for establishing SSL/TLS and clear-text channels without relying on TCP listeners. Process is as follows:
I am afraid, this is coming across as some kind of project bashing, which it is not intended to be. I just see a certain level of danger in cryptography tools that provide normies with many tools they might not understand. This is the way I originally found this repo: By way of someone pointing me here, using it as some sort of silver bullet for all things privacy.
Yeah, you should be careful of recommendations.
I want to use it as a bootloader. Like with secureboot and tpm and the stuff for a secure boot environment. Can you implement that?