Who wants a blogpost about what a root of trust actually is and why almost all existing implementations don't actually provide that trust
@mjg59 well, it is a day of the week ending in 'y', so I guess we're due for another explanation of why we can't have nice things.
@mjg59 isn't a root of trust something you trust implicitly? How could it not be trustworthy? 🙂
@jamesh @mjg59 Implicitly or explicitly? Also, there's a difference between 'providing trust' and being trustworthy.
@jamesh @mjg59 If we really want to be pedantic, there's also a difference between "trustworthy = perfect" and "trustworthy = good enough to be useful"

@BenAveling @mjg59 I was thinking of traditional PKI systems in particular, where a key is trusted if it is the root of trust, or signed by a key that is trusted to make signatures.

In that sense, the root of trust is trusted axiomatically.

@mjg59 @jamesh I suspect Matthew is talking about zero trust/trusted computing. Not unrelated, granted.
If PKI, then yes, the root certificate is explicitly trusted, by virtue of being put in the certificate store. That said, given that most of us didn't build our own certificate stores, the question of where trust comes from still lingers.

@mjg59 you're going to write it anyway, and I'm going to read it. Good to get a good E2E explanation going, though.

Beyond a blogpost, when are you going to write an actual book that walks trust from end-to-end, answering the trust-analogous question to the interview question "you press enter after typing a URL, what happens? Can you go into more detail? More detail? More ...?"

Because I feel like you've got that book in you somewhere.

@mjg59 so many people are gonna be so annoyed when all it says is "there is no such thing as a root of trust at scale"
@mjg59 if it doesn't involve a locked door in a single story building in Sunnyvale, I'm interested.
@mjg59 that's when you trust the people you take to bed, right?
@mjg59 I do implicitly trust roots every time I walk past a tree. Good so far.
@mjg59 (jokes aside, I also look forward to your article/blog post about roots of trust!)

Does the blog post address the fact that "provide trust" was never the meaning?

Rather, "[unstated assumption all actors are operating in a single centralised one-way hierarchy of trust] this node is at the root of that trust hierarchy"

@mjg59

@mjg59 You had me at blogpost...
@mjg59 and why do server installations by default "trust" all those so called root of trusts?

@mjg59

Please add me to the blogpost as a very interested person

@mjg59 sure. I'm trying to write a specification for one right now and it would be nice to know what I've f**ked up before I publish it :)
@mjg59 are we talking trusted computing or web PKI?
@mjg59 I would totally read this, but it also feels like I maybe simply do not want to know 😂
@mjg59 it's trust as in 'trust me bro'
@mjg59 Do iiiiiiit. Do it noowwwwwwwwwwwww.
@mjg59 it would be a good read