> Verify our no-logging policy through code inspection
-
Verify our no-logging policy through code inspection
Couldn't a network appliance, iptables or a bpf program still be logging and we'd have no idea?
Validate that the code running on our servers matches this public repository
Yes but AFAIK it can't validate that the code you verified against is the same code actually powering your VPN session right now (could be a dummy box just used for validation), or that some other external hardware or superuser-level code isn't also listening in. Someone please correct me if I'm wrong.
-
Verify our no-logging policy through code inspection
Couldn't a network appliance, iptables or a bpf program still be logging and we'd have no idea?
Validate that the code running on our servers matches this public repository
Yes but AFAIK it can't validate that the code you verified against is the same code actually powering your VPN session right now (could be a dummy box just used for validation), or that some other external hardware or superuser-level code isn't also listening in. Someone please correct me if I'm wrong.
Someone please correct me if I'm wrong.
You are 100% right. Also - SGX depends on explicit trust of Intel code signing, which is another externality that needs to be in the threat model.