107 lines
5.1 KiB
HTML
107 lines
5.1 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE> [zapps-wg] Cut-off date for Powers of Tau Contributions
|
|
</TITLE>
|
|
<LINK REL="Index" HREF="/pipermail/zapps-wg/2018/index.html" >
|
|
<LINK REL="made" HREF="mailto:zapps-wg%40lists.zfnd.org?Subject=Re%3A%20%5Bzapps-wg%5D%20Cut-off%20date%20for%20Powers%20of%20Tau%20Contributions&In-Reply-To=%3CCAKazn3nJwzuxiQSHd94Xc8Seg5zM0G%3DA2vv-8oD7r8cAScZiYw%40mail.gmail.com%3E">
|
|
<META NAME="robots" CONTENT="index,nofollow">
|
|
<style type="text/css">
|
|
pre {
|
|
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
|
|
}
|
|
</style>
|
|
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
|
<LINK REL="Previous" HREF="000305.html">
|
|
<LINK REL="Next" HREF="000308.html">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#ffffff">
|
|
<H1>[zapps-wg] Cut-off date for Powers of Tau Contributions</H1>
|
|
<B>Sean Bowe</B>
|
|
<A HREF="mailto:zapps-wg%40lists.zfnd.org?Subject=Re%3A%20%5Bzapps-wg%5D%20Cut-off%20date%20for%20Powers%20of%20Tau%20Contributions&In-Reply-To=%3CCAKazn3nJwzuxiQSHd94Xc8Seg5zM0G%3DA2vv-8oD7r8cAScZiYw%40mail.gmail.com%3E"
|
|
TITLE="[zapps-wg] Cut-off date for Powers of Tau Contributions">sean at z.cash
|
|
</A><BR>
|
|
<I>Fri Mar 9 14:17:18 EST 2018</I>
|
|
<P><UL>
|
|
<LI>Previous message (by thread): <A HREF="000305.html">[zapps-wg] Cut-off date for Powers of Tau Contributions
|
|
</A></li>
|
|
<LI>Next message (by thread): <A HREF="000308.html">[zapps-wg] Cut-off date for Powers of Tau Contributions
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#307">[ date ]</a>
|
|
<a href="thread.html#307">[ thread ]</a>
|
|
<a href="subject.html#307">[ subject ]</a>
|
|
<a href="author.html#307">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
<HR>
|
|
<!--beginarticle-->
|
|
<PRE>As far as security goes, we've successfully guarded against all but
|
|
the most elaborate and unrealistic attack scenarios. The remaining
|
|
threats require some combinatorial explosion of individually
|
|
sophisticated attacks or breakthroughs, like stealthy backdoors in the
|
|
Rust compiler and still for many participants to be colluding in
|
|
secret, somehow without leaving evidence behind.
|
|
|
|
We don't need an absolutely perfect ceremony to get strong privacy
|
|
guarantees, we get that already even with a totally compromised
|
|
ceremony. We *could* continue to invest time and resources for many
|
|
more months or years in order to make us marginally more resistant to
|
|
these absurd attack scenarios, but by the time we'd be finished with
|
|
the ceremony we'll probably have better proving systems available
|
|
anyway. It's silly to let privacy languish in the meantime.
|
|
|
|
I think we did the best with the time we had, but if you disagree,
|
|
remember that all of this can be extended and improved by anyone, even
|
|
after this ceremony is done!
|
|
|
|
Sean
|
|
|
|
On Fri, Mar 9, 2018 at 11:06 AM, Peter Todd <<A HREF="/mailman/listinfo/zapps-wg">pete at petertodd.org</A>> wrote:
|
|
><i> On Fri, Mar 09, 2018 at 04:49:37PM +0000, Devrandom wrote:
|
|
</I>>><i> Hi all,
|
|
</I>>><i>
|
|
</I>>><i> I have some concerns about the lack of diversity of contributions:
|
|
</I>>><i>
|
|
</I>>><i> - most (all?) of the contributions used a distributed Rust toolchain, which
|
|
</I>>><i> suffers from the "trusting-trust" issue since they are self-compiled. I
|
|
</I>>><i> don't think I've seen any contributions using the mrustc build path.
|
|
</I>>><i> - there were very few contributions (two?) using the golang implementation
|
|
</I>>><i> - no attempt has been made to replicate the deterministic golang build
|
|
</I>>><i> - people did not capture the binary they used, so we can't do forensics in
|
|
</I>>><i> case of future questions
|
|
</I>>><i> - there were no contributions using alternative processor architectures
|
|
</I>>><i> (e.g. ARM64). I believe this is possible using the golang implementation.
|
|
</I>>><i> - there was a lot of focus on destroying toxic waste and not enough on the
|
|
</I>>><i> trustworthiness of the tools
|
|
</I>><i>
|
|
</I>><i> I agree with all these points, particularly the latter: we should be focused on
|
|
</I>><i> genuine security, not flashy marketing stunts. (indeed, I regret the way my own
|
|
</I>><i> participation was marketted the last time around)
|
|
</I>><i>
|
|
</I>><i> --
|
|
</I>><i> <A HREF="https://petertodd.org">https://petertodd.org</A> 'peter'[:-1]@petertodd.org
|
|
</I>
|
|
</PRE>
|
|
|
|
<!--endarticle-->
|
|
<HR>
|
|
<P><UL>
|
|
<!--threads-->
|
|
<LI>Previous message (by thread): <A HREF="000305.html">[zapps-wg] Cut-off date for Powers of Tau Contributions
|
|
</A></li>
|
|
<LI>Next message (by thread): <A HREF="000308.html">[zapps-wg] Cut-off date for Powers of Tau Contributions
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#307">[ date ]</a>
|
|
<a href="thread.html#307">[ thread ]</a>
|
|
<a href="subject.html#307">[ subject ]</a>
|
|
<a href="author.html#307">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
|
|
<hr>
|
|
<a href="/mailman/listinfo/zapps-wg">More information about the zapps-wg
|
|
mailing list</a><br>
|
|
</body></html>
|