From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_ZEN_BLOCKED_OPENDNS,URIBL_DBL_BLOCKED_OPENDNS, URIBL_ZEN_BLOCKED_OPENDNS autolearn=ham autolearn_force=no version=3.4.4 Received: from txout-a3-smtp.messagingengine.com (txout-a3-smtp.messagingengine.com [103.168.172.226]) by inbox.vuxu.org (Postfix) with ESMTP id 9B6A623543 for ; Wed, 31 Dec 2025 17:26:41 +0100 (CET) Received: from localhost.localdomain (phl-topicbox-01.internal [10.202.2.219]) by mailtxout.phl.internal (Postfix) with ESMTP id 7BA651C0355 for ; Wed, 31 Dec 2025 11:26:41 -0500 (EST) ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=pass (1024-bit rsa key sha1) header.d=eigenstate.org header.i=@eigenstate.org header.b=lSIHleaG header.a=rsa-sha1 header.s=mail x-bits=1024; dmarc=pass policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=eigenstate.org; spf=pass smtp.mailfrom=ori@eigenstate.org smtp.helo=mimir.eigenstate.org; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:to:subject:date:from:in-reply-to :mime-version:content-type:content-transfer-encoding:list-help :list-id:list-post:list-subscribe:reply-to:list-unsubscribe; s= sysmsg-1; t=1767198401; bh=hHr4digZcvBfdf0u/psKefVWKAbfAlwwBrx7h jhEjqA=; b=SRNhET0cD94f61/C7yVH7smsGMXBiKtNbK3ThHMZfwFSkx/aYm8AM 6zgAMfCPKJ8HrX2oUFu7JXUjXJP0PbCJQb6tIh7yNKA+t12NZCK9yVppIn7bx4S1 bxP21s00tAxW+PZJIjrTTADic5dSMt9wX0m/MmmSTyoKQLvgSQs6SA= ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1767198401; b=tQILN8EWzRS0w5Pi642hZwDx36k3pHnSpjqcaqstPwiXWb1saS y8ybmreheutEbZgSpuJqONgU57Vjewj4rd6YEAuQwgh46e6+0ZDG3JQQR9dT6ctK 1T5mtLDhYYwPp963Q12vvVeDP7m8cVD6yhWhIzUyTi86vHUAzwHhIFW/k= Authentication-Results: topicbox.com; arc=pass; dkim=pass (1024-bit rsa key sha1) header.d=eigenstate.org header.i=@eigenstate.org header.b=lSIHleaG header.a=rsa-sha1 header.s=mail x-bits=1024; dmarc=pass policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=eigenstate.org; spf=pass smtp.mailfrom=ori@eigenstate.org smtp.helo=mimir.eigenstate.org; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: authmilter.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (1024-bit rsa key sha1) header.d=eigenstate.org header.i=@eigenstate.org header.b=lSIHleaG header.a=rsa-sha1 header.s=mail x-bits=1024; dmarc=pass policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=eigenstate.org; iprev=pass smtp.remote-ip=206.124.132.107 (mimir.eigenstate.org); spf=pass smtp.mailfrom=ori@eigenstate.org smtp.helo=mimir.eigenstate.org; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=mimir.eigenstate.org policy.ptr=mimir.eigenstate.org; x-return-mx=pass header.domain=eigenstate.org policy.is_org=yes (MX Records found: kusuri.pikopiko.org,eigenstate.org,nokogiri.pikopiko.org,mail.pikopiko.org); x-return-mx=pass smtp.domain=eigenstate.org policy.is_org=yes (MX Records found: mail.pikopiko.org,kusuri.pikopiko.org,nokogiri.pikopiko.org,eigenstate.org); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h=message-id :to:subject:date:from:in-reply-to:mime-version:content-type :content-transfer-encoding:list-help:list-id:list-post :list-subscribe:reply-to:list-unsubscribe; s=dkim-1; t= 1767198401; x=1767284801; bh=hHr4digZcvBfdf0u/psKefVWKAbfAlwwBrx 7hjhEjqA=; b=dOmPhMDCTgi/yN3xROBqbnryLzmWgfcH80F0SKjRGMvT0LkNweh mL9oU5YYnTA3OnGfAdxWo/IgyP+oXlPN8zE/bEsOtbqu0iIKXaPPlYNGQcrU1bhy 27AJcgX4Fc9yv9D3ys7/m3VbaCP1kl61zkNXIH5+Vwq0rfDK579iWtY8= Received: from authmilter.topicbox.com (unknown [172.17.0.1]) by mx.topicbox.com (Postfix) with ESMTP id F42124D80531 for <9fans@9fans.net>; Wed, 31 Dec 2025 11:26:36 -0500 (EST) Received: from mx.topicbox.com (172.17.0.1 [172.17.0.1]) by authmilter.topicbox.com (Authentication Milter) with ESMTP id EA069F7AB09; Wed, 31 Dec 2025 11:26:36 -0500 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1767198396; b=hJQCHuzDV51aD5SNNdGouILPPeB+DawJUEQfmE+db3flX8gEoQ aASZzWL1vb5DXVE9kUwEHzdOb2aUQ63Zkq6uwaOcingDYoTAuo4NwFtUn4xkU+HR FlVCNFxitLLwOP+JRUB7p1no3qsLwVrmLnycjXjzfuWgeoOQPe6Gb/f9j77WgmXD N6IJkrVax66DCW+rotJfnBGZOvD+y8V5Gz1GJ53+0v/Xfr9hJ5IT5FqBRCJxanQw +uDAaO3XUoU8TX2sjv8Ir5Q+bXs5e+jcxHugFhpRP41Yux8zhrHV/BUX1U31LXlr clHh+vmk8Z5JqNISDAq0uvwtP/AhBG8Ag4tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:to:subject:date:from:in-reply-to :mime-version:content-type:content-transfer-encoding; s=arcseal; t=1767198396; bh=NUEYLiAqOnQ1mZCtUKWu8mYLwHNpOXbOcYxBr04CUg4=; b= lz0K4Bb4tetSoG1/aBAJnc6h1fevpsW/w8PnM9o54GhPjpo4wOrfw084bSLtke4Q 8oHbaUcF7RbIUpT7dl1BpFquQO2XEM99e26MAylEgiOXPiowUPfqnMtnbeAUPxoR U0PELFEO+9ab6SQJVfMIkb1O3V4lTTUDppbK2gUW9yZkuPt8EXz8EdIWz/VSrazv fJXtGsG6ojIUEjKz/+oTAcRFMqK4fAwsoRDVME8cQ4wd/+vUA4VFnGw0LqvvmHSZ 63KyQk4J65n5mj3u3OLys83M9s2xIB0GF+nJwodOzkViY22itS0X/UsUQY6sX/ca glSmMbldMeOIRkZtlyr4hA== ARC-Authentication-Results: i=1; authmilter.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (1024-bit rsa key sha1) header.d=eigenstate.org header.i=@eigenstate.org header.b=lSIHleaG header.a=rsa-sha1 header.s=mail x-bits=1024; dmarc=pass policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=eigenstate.org; iprev=pass smtp.remote-ip=206.124.132.107 (mimir.eigenstate.org); spf=pass smtp.mailfrom=ori@eigenstate.org smtp.helo=mimir.eigenstate.org; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=mimir.eigenstate.org policy.ptr=mimir.eigenstate.org; x-return-mx=pass header.domain=eigenstate.org policy.is_org=yes (MX Records found: kusuri.pikopiko.org,eigenstate.org,nokogiri.pikopiko.org,mail.pikopiko.org); x-return-mx=pass smtp.domain=eigenstate.org policy.is_org=yes (MX Records found: mail.pikopiko.org,kusuri.pikopiko.org,nokogiri.pikopiko.org,eigenstate.org); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgdekfeefkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepkffvuf ffhfgjgggtgfesthejjedttddtvdenucfhrhhomhepohhrihesvghighgvnhhsthgrthgv rdhorhhgnecuggftrfgrthhtvghrnhepvdehtdeffeetgeelhfegkeehhfeuhfehvddvie duueehjeetgeevkeeitdevuefhnecukfhppedvtdeirdduvdegrddufedvrddutdejpddu tdekrdeirddvgedrvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvg htpedvtdeirdduvdegrddufedvrddutdejpdhhvghlohepmhhimhhirhdrvghighgvnhhs thgrthgvrdhorhhgpdhmrghilhhfrhhomhepoehorhhisegvihhgvghnshhtrghtvgdroh hrgheqpdhnsggprhgtphhtthhopedupdhrtghpthhtohepoeelfhgrnhhsseelfhgrnhhs rdhnvghtqe X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (eigenstate.org: 206.124.132.107 is authorized to use 'ori@eigenstate.org' in 'mfrom' identity (mechanism 'ip4:206.124.132.96/28' matched)) receiver=authmilter.topicbox.com; identity=mailfrom; envelope-from="ori@eigenstate.org"; helo=mimir.eigenstate.org; client-ip=206.124.132.107 Received: from mimir.eigenstate.org (mimir.eigenstate.org [206.124.132.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Wed, 31 Dec 2025 11:26:34 -0500 (EST) Received: from mimir.eigenstate.org (localhost [127.0.0.1]) by mimir.eigenstate.org (OpenSMTPD) with ESMTP id d3bea40b for <9fans@9fans.net>; Wed, 31 Dec 2025 08:26:33 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=eigenstate.org; h=message-id :to:subject:date:from:in-reply-to:mime-version:content-type :content-transfer-encoding; q=dns; s=mail; b=Lx/LhJgvaOw5h91+N/V bVPCUXrr2u5RgMT1V1/gPQ0bEOJsnbnrPDbrDVl/IH4mO92ApAn7K4krJefwj58s hF4mJTU83zr8MWsO0yCsFePtVqbKJjWDbtDCFbSW//AisKNXV64kzcQMSzRUT8iG BajxyqGcEaBQi1VEptpR/1V4= Received: from abbatoir.orib.home (pool-108-6-24-2.nycmny.fios.verizon.net [108.6.24.2]) by mimir.eigenstate.org (OpenSMTPD) with ESMTPSA id 565e4e03 (TLSv1.2:ECDHE-RSA-AES256-SHA:256:NO) for <9fans@9fans.net>; Wed, 31 Dec 2025 08:26:33 -0800 (PST) Message-ID: To: 9fans@9fans.net Subject: Re: [9fans] Solo factotum Date: Wed, 31 Dec 2025 11:26:31 -0500 From: ori@eigenstate.org In-Reply-To: <8716F627-36EE-445A-B4B4-754C9136596E@quintile.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Topicbox-Policy-Reasoning: moderate: sender is an admin; group holds all messages Topicbox-Message-UUID: 7b097194-e665-11f0-8a30-d2006cc11ef0 Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?= =?UTF-8?B?ZmFucy9UYTYwNzUyNjYzZmYwODQ0OC1NMTIxNzEyNTlkZWU3YTRjZWZkYWFk?= =?UTF-8?B?ODFmPg==?= List-Help: List-Id: "9fans" <9fans.9fans.net> List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: 9fans <9fans@9fans.net> List-Unsubscribe: , Topicbox-Delivery-ID: 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:M12171259dee7a4cefdaad81f:1:zFDFOkT-CcvTwZMRw7i1xXJm5WOEH0lFN5_jdyInZOo Quoth Steve Simon : > how would the proposed device improve on this? - honest question. By design, keys never leave factotum; A kernel exploit could break that guarantee. Separate hardware means the factotum wouldn't share a kernel with possibly compromised or hostile software. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-M12171= 259dee7a4cefdaad81f Delivery options: https://9fans.topicbox.com/groups/9fans/subscription