textbrowser / spot-on

Complexity is beautiful. Anywhere, anyone. AMD, ARM, Alpha, PowerPC, Sparc64, etc. Completed.
https://textbrowser.github.io/spot-on/

Use as bootloader. #27

Open mpldr opened 5 months ago

mpldr commented 5 months ago

I want to use it as a bootloader. Like with secureboot and tpm and the stuff for a secure boot environment. Can you implement that?

textbrowser commented 5 months ago

?

textbrowser commented 5 months ago

Spot is not responsible for booting a computer.

mpldr commented 5 months ago

But it could do that! Like manage secureboot signatures and set up the tpm so you can boot the machine.

textbrowser commented 5 months ago

What's the necessity of this request? Spot is a strange project which is not associated with launching an operating system. Do you realize that this is a complex request that requires hardware interpretation and collaboration?

mpldr commented 5 months ago

The necessity is that a compromised computer running spoton could run a non-trustworthy version thus compromising the mesh.

textbrowser commented 5 months ago

TPM or whatever cannot guarantee that the libraries on your system which are used to access the chip are not compromised. I mean, you need to go through your operating system to get to the chip, right?

mpldr commented 4 months ago

Yes, which is why secureboot is essential here.

textbrowser commented 4 months ago

If the OS is infected, a secure boot would seem like a meaningless activity. OK, OK, assume I don't know anything about a secure boot. And suppose that I assume that the chip and the secure boot thing are fine and dandy. Now suppose that some portions of the OS behave normally. So, everything appears fine. However, when applications begin accessing the chip, those accesses are redirected. And they are redirected such that the redirections are correct enough to trick you and the applications. It's possible because it isn't difficult.

textbrowser commented 4 months ago

Is a TPM an ASIC?

mpldr commented 4 months ago

An excellent question. I would argue it is. The AS part being cryptography.

mpldr commented 4 months ago

Impersonation of a TPM isn't really possible as the TPM contains the keys and doesn't hand them out.

textbrowser commented 4 months ago

I'm not suggesting that the TPM is the problem. The interface is the problem. You can't communicate with the TPM without using the OS. I mean, the OS provides the interface.

textbrowser commented 4 months ago

Unless you write your own C or C++ interface which must be totally free of any OS facility. You would have to trust the C library, etc.

mpldr commented 4 months ago

Sure, but the same is true for syscalls which you rely on for networking. It's turtles all the way down.

textbrowser commented 4 months ago

There is grub which is studied by many people and this would not be. Grub has secure modes.

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

I don't know if grub as itself is secure, but it can delegate security to other security things.

textbrowser commented 2 months ago

Do you like Spot-On?

mpldr commented 2 months ago

Yes and no.

I do absolutely like the goal of making privacy enhancing tools easily and readily available and helping normies™ protect themselves (at least, I assume that this is a goal). Fostering P2P and federation as a default is also a great thing to strive for.

At the same time, I have a bit of an issue with the buzzword-bingo that is played in the readme and the "Complexity is beautiful." in the repo description is something that sends shudders down my spine as it reminds me of all the times smart people prefer inventing a (usually flawed) new way of doing things with some perceived benefit only to introduce a huge lump of issues down the line. The lack of a clear "goal" or "purpose" also makes it rather difficult to deploy. Even if I want to deploy Spot-on on one of my servers, there is no documentation on how to do it, no mentions of security implications of settings and in general a lack of "scope".

I hope that rambling helped with understanding. It's almost midnight here, so there might be a bit of incoherent rambling sprinkled in for good measure.

FWIW, I think it having a deeper integration into the boot process could help secure the boot chain (especially if it sets proper TPM flags) which normal users are less keen and knowledgeable of doing.

I hope that answers it. Not sure what the ultimate point you were going for was, though.

textbrowser commented 2 months ago

Why don't you like it?

mpldr commented 2 months ago

Just to make sure, you opened the "Yes and no"-answer? (just click it)

Things I dislike/don't understand:

That being said, it is an impressive project. I just fail to see a reason to use it over something more wide-spread as it does not even provide a tangible benefit to one of the more specialised, but widely-available solutions. (for example IMAP clients for the phone can already sign and encrypt)

Maybe I am just not the target audience or don't get that this is a kind of research project, though.

mpldr commented 2 months ago

I am afraid, this is coming across as some kind of project bashing, which it is not intended to be. I just see a certain level of danger in cryptography tools that provide normies with many tools they might not understand. This is the way I originally found this repo: By way of someone pointing me here, using it as some sort of silver bullet for all things privacy.

textbrowser commented 2 months ago

Spot-On was one of the first to include encrypted real-time messaging over e-mail. It's Poptastic. In 2014. Spot-On introduced it with encryption in the first release. Not only that, one could establish new communication keys through the e-mail protocol.

https://sourceforge.net/p/spot-on/code/3763/

MS introduced it in 2015 and the article mentions a company in 2013.

https://techcrunch.com/2015/07/22/microsoft-introduces-send-a-short-form-email-app-that-works-more-like-instant-messaging/

Spot-On was not created by a team of people.

The article doesn't mention encryption.

textbrowser commented 2 months ago

Spot-On implements its own SCTP layer. Qt later introduced SCTP.

textbrowser commented 2 months ago

Spot-On contains its own Web server and search engine. It also includes a process of collecting complete Web content and storing it in PostgreSQL or SQLite databases in encrypted containers. The Web search functions on tablets, Lynx, PlayStation, and even the Wii. A separate process allows for the collected pages to be uploaded automatically to GH. I do that via a passively-cooled computer. This small computer collects, archives, and shares.

textbrowser commented 2 months ago

Spot-On builds and functions on Android. This is an experimental mode because of libgcrypt. See the image in the README.md. That is an Android build.

textbrowser commented 2 months ago

Spot-On includes a distributed and reliable file-sharing protocol. It's TCP on the Echo. The trustworthiness of the peers is irrelevant.

textbrowser commented 2 months ago

Spot-On compiles natively on Pi, Sparc, Apple Silicon. At some point, it was running on Alpha processors and OpenBSD.

textbrowser commented 2 months ago

It functions with or without TLS. It includes SMP over an asynchronous environment.

textbrowser commented 2 months ago

Spot-On functions over Tor.

textbrowser commented 2 months ago

Spot-on allows me to play QtChess over an encrypted channel through a mode called Local Private Application Interfaces. I don't need ssh tunnels or Tor especially.

textbrowser commented 2 months ago

How is the documentation hidden? https://github.com/textbrowser/spot-on/blob/master/branches/trunk/Documentation/Spot-On.pdf

textbrowser commented 2 months ago

It includes a mail mode called Institutions. This is separate from IMAP and POP. One can house e-mail of people without being able to read it. The feature is complicated.

textbrowser commented 2 months ago

Did not mention PowerPC natively functioning. Now I did. :)

textbrowser commented 2 months ago

Spot-On created Echo Public Key Share well before Autocrypt (https://en.wikipedia.org/wiki/Autocrypt). EPKS is a mechanism for distributing public keys privately to one or more destinations, similar to Autocrypt (which is through e-mail) but better. :)

textbrowser commented 2 months ago

Server-less P2P is also included. In this mode, accept() does not exist. This mode works over TLS too.

Server-less P2P

Spot-On includes a mechanism for establishing SSL/TLS and clear-text channels without relying on TCP listeners. Process is as follows:

  1. A node binds to its local IP address, say 192.168.178.10. Its remote IP address is the Internet address of the remote peer in step 2.
  2. A node binds to its local IP address, say 192.168.178.15. Its remote IP address is the Internet address of the remote peer in step 1.
  3. Both Spot-On instances automatically and repeatedly attempt to connect to their remote peers.
  4. After a connection is established, one of the peers automatically and optionally prepares an SSL/TLS session as a server. The second peer automatically attempts to complete the SSL/TLS session as a client.

textbrowser commented 2 months ago

> I am afraid, this is coming across as some kind of project bashing, which it is not intended to be. I just see a certain level of danger in cryptography tools that provide normies with many tools they might not understand. This is the way I originally found this repo: By way of someone pointing me here, using it as some sort of silver bullet for all things privacy.

Yeah, you should be careful of recommendations.

textbrowser commented 2 months ago

https://www.freie-messenger.de/en/echo/