zlacker

[return to "Signal Server code on GitHub is up to date again"]
1. red_tr+G1[view] [source] 2021-04-07 15:08:20
>>domano+(OP)
Is there any mechanism to validate that the code running on Signal's servers is the same as on Github?
◧◩
2. Someon+f2[view] [source] 2021-04-07 15:10:49
>>red_tr+G1
How would that work? You'd be layering trust on trust, wherein if they're willing to lie about one thing they're willing to lie about confirmation of that same thing (or not).

Unless you're going to hire some independent auditor (that you still have to trust) it seems logically problematic.

◧◩◪
3. madars+K2[view] [source] 2021-04-07 15:13:49
>>Someon+f2
SGX enclaves can attest to the code they are running, so you don't exactly need to take Signal's word on faith.
◧◩◪◨
4. Someon+Dq[view] [source] 2021-04-07 16:55:55
>>madars+K2
That isn't a solution to the problem being discussed (a provider's server code being verifiable by end users). I'm quite confused by the suggestion that it could be/is.
[go to top]