From: Skip Tavakkolian
Date: Wed, 31 Dec 2025 00:51:20 -0800
Subject: Re: [9fans] Solo factotum
To: 9fans <9fans@9fans.net>

To Ori's point, for such a factotum-on-a-stick to be as secure as possible (the main point), you would need hardware support like encrypted storage, trusted execution env, hardware root of trust attestations all the way to the manufacturer, etc. This level of security is crucial for trustworthy IoT (e.g. trusting over-the-air updates), which is why some SoCs like Nordicsemi NRF52, 53, 54 and STMicroelectronics STM32L5, H5 have these capabilities.

Arm's Platform Security Architecture framework is a good resource for considering all the ways that secrets can be compromised and how the processor architecture can help mitigate them.

If doing embedded development isn't a showstopper, I think working out how to embed factotum in a suitable device and figuring out the mechanics of integrating it into the user environment would be a useful experiment. There are inexpensive dev kits for NRF and STM SoCs.

On Tue, Dec 30, 2025 at 4:14 PM wrote:
>
> y'all are reinventing a TPM.
>
> Quoth sirjofri via 9fans <9fans@9fans.net>:
> > 30.12.2025 19:22:13 Dworkin Muller :
> > > Alternatively, just set it up as a secret store, like is done with
> > > terminals. Not quite as elegant/cool, but perhaps more practical.
> >
> > In general, you're right. However the big difference (and why I think there's a solid use case for a factotum key) is that the machine that runs factotum has to be secure. If you have a terminal with its own factotum program, that's fine. The program is on a trusted machine. However, if your terminal boots off a fs, you have to trust the factotum program on that fs to not steal your keys when executed. If you run factotum in a remote session, you have to trust the server. If you have a single enclosed factotum key and no way for the host to download the secrets directly, then you can use it even on an untrusted machine.
> >
> > Sure, you still need a way to edit the keys. Maybe a specific mount access using an additional secret for editing or something similar could be invented.
> >
> > In any case, I think for a fully trusted environment you probably don't need a factotum key. I think the whole factotum and secstore stuff is built around this level of trust (you trust the grid). If you consider a public grid with multiple users and people who sign in as guests, I'd prefer to not have my secrets uploaded into the memory of a machine that I can't control myself, if possible. And people do set up grids like that. That's why I welcome experiments into that direction. Not to replace the current status quo, but to extend it in a compatible way for different use cases.
> >
> > sirjofri

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-M49d8a21810679e15bff7ef46
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
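
The property discussed in this thread (a key holder the host can query but not read secrets from), as an added example that is not part of the original messages and is not factotum's own protocol or code. The `Token`, `Server` and `login_via_untrusted_host` names and the HMAC challenge-response scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class Token:
    """Stands in for the sealed device: keys go in once and are never returned."""
    def __init__(self):
        self._keys = {}  # service -> secret; a real device enforces this in hardware

    def provision(self, service, secret):
        # Assumption: done once over a separate, protected path on a trusted machine.
        self._keys[service] = secret

    def respond(self, service, challenge):
        # The only request the host can make: a MAC over the server's challenge.
        return hmac.new(self._keys[service], challenge, hashlib.sha256).digest()


class Server:
    """Verifier holding the same secret; each challenge is accepted once."""
    def __init__(self, secret):
        self._secret = secret
        self._pending = set()

    def challenge(self):
        c = secrets.token_bytes(16)
        self._pending.add(c)
        return c

    def verify(self, challenge, response):
        if challenge not in self._pending:
            return False  # unknown or already-used challenge: replay rejected
        self._pending.discard(challenge)
        want = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(want, response)


def login_via_untrusted_host(token, server, service):
    """The host only relays messages; returns (ok, all bytes the host saw)."""
    c = server.challenge()
    r = token.respond(service, c)
    return server.verify(c, r), [c, r]


def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    token, server = Token(), Server(secret)
    token.provision("grid", secret)
    return login_via_untrusted_host(token, server, "grid")
```

This keeps the key material away from the host, but a host can still request responses for as long as the token is attached, so it protects the secret rather than each individual use.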