top | item 45839930

(no title)

dcliu | 3 months ago

That's a strong claim for not looking into it at all.

From a brief glance at the white paper it looks like they are using TEE, which would mean that the root of trust is the hardware chip vendor (e.g. Intel). Then, it is possible for confidentiality guarantees to work if you can trust the vendor of the software that is running. That's the whole purpose of TEE.

discuss

jiveturkey|3 months ago

I guess you're unaware that Intel TEE does not provide physical protection. Literally out of scope, at least per runZero CEO (which I didn't verify). But anyway, in scope or not, it doesn't succeed at it.

And I mean I get it. As a not-hardware-manufacturer, they have to have a root of trust they build upon. I gather that no one undertakes something like this without very, very, very high competence and that their part of the stack _is_ secure. But it's built on sand.

I mean it's fine. Everything around us is built that way. Who among us uses a Raptor Talus II and has x-ray'd the PCB? The difference is they are making an overly strong claim.

9dev|3 months ago

It doesn’t matter either way. Intel is an American company as well, and thus unsuitable as a trust root.

bangaladore|3 months ago

A company of what country would you prefer?

Everyone likes to dunk on the US, but I doubt you could provide a single example of a country that is certainly a better alternative (to be clear I believe many of the west up in the same boat).

jiveturkey|3 months ago

> Intel is an American company

Literally.

brookst|3 months ago

If you’re moving the goalposts from tech implementation to political vibes, it’s just more post-fact nabobism.