[cryptography] Reply to Zooko (in Markdown)

Mansour Moufid mansourmoufid at gmail.com
Wed Aug 21 18:15:58 EDT 2013


On 2013-08-17, at 1:50 PM, Jon Callas wrote:

> On Aug 17, 2013, at 12:49 AM, Bryan Bishop <kanzure at gmail.com> wrote:
> 
>> Would providing (signed) build vm images solve the problem of
>> distributing your toolchain?
> 
> Maybe. The obvious counterexample is a compiler that doesn't
> deterministically generate code, but there's lots and lots of hair in
> there, including potential problems in distributing the tool chain
> itself, including copyrighted tools, libraries, etc.
> 
> But let's not rathole on that, and get to brass tacks.
> 
> I *cannot* provide an argument of security that can be verified on its
> own. This is Godel's second incompleteness theorem. A set of
> statements S cannot be proved consistent on its own. (Yes, that's a
> minor handwave.)
> 
> All is not lost, however. We can say, "Meh, good enough" and the
> problem is solved. Someone else can construct a *verifier* that is
> some set of policies (I'm using the word "policy" but it could be a
> program) that verifies the software. However, the verifier can only be
> verified by a set of policies that are constructed to verify it. The
> only escape is decide at some point, "meh, good enough."

Gitian can build projects deterministically such that the result can be
corroborated by many parties:

<http://gitian.org/>

I don't know if it can be used with the app stores but it shows that the
process is doable for those who really care. Personally I think time is
better spent on static analysis for example.



More information about the cryptography mailing list