[Cryptography] Verified privacy and VPNs
Paul Wouters
paul at nohats.ca
Tue Oct 14 11:54:42 EDT 2025
On Tue, 9 Sep 2025, Mark Karpelès wrote:

> Specifically, we’ve made it possible during the connection to measure
> the software running on the server thanks to Intel’s SGX and verify
> that the host is running our software. We have today released the
> source code for the software, which anyone can compile and verify the
> generated binary’s hash (MRENCLAVE) matches the host attestation.

You might be interested in attested TLS, see:

https://datatracker.ietf.org/wg/seat/about/
https://mailarchive.ietf.org/arch/browse/seat/

and for older discussion (the Working Group just had to rename from SEAL
to SEAT):

https://mailarchive.ietf.org/arch/browse/seal/

As for doing this to a VPN server, I don't understand the use case.
Since the unencrypted/decrypted packets are available outside the
enclave, what does this protect against?

Paul
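
Added example (not part of the original message, and not the VPN project's code): a Python sketch of the client-side comparison described in the quoted text, checking the MRENCLAVE field of an SGX ECDSA (v3) quote against a locally built value. The function names, the sample quote and the binding of report_data to a SHA-256 of the server's TLS public key are assumptions for illustration; the quote's signature and certificate chain must be verified separately before any field is trusted.

```python
import hashlib
import hmac
import struct

# SGX ECDSA quote v3 layout: 48-byte header, then a 384-byte report body.
HEADER_LEN = 48
ATTR_OFF = HEADER_LEN + 48           # attributes.flags, uint64 little-endian
MRENCLAVE_OFF = HEADER_LEN + 64      # 32-byte enclave measurement
REPORT_DATA_OFF = HEADER_LEN + 320   # 64 bytes chosen by the enclave
BODY_END = HEADER_LEN + 384
SGX_FLAGS_DEBUG = 0x2                # debug enclaves can be inspected by the host


def check_quote(quote: bytes, expected_mrenclave: bytes, tls_pubkey: bytes) -> list[str]:
    """Return the reasons to reject the quote; an empty list means the fields match.

    This only compares fields. It does NOT verify the quote signature or the
    certificate chain, which has to succeed first for the fields to mean anything.
    """
    if len(quote) < BODY_END:
        return ["quote truncated"]
    problems = []
    (flags,) = struct.unpack_from("<Q", quote, ATTR_OFF)
    if flags & SGX_FLAGS_DEBUG:
        problems.append("enclave is in debug mode")
    mrenclave = quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32]
    if not hmac.compare_digest(mrenclave, expected_mrenclave):
        problems.append("MRENCLAVE mismatch")
    # Assumed binding: report_data[0:32] == SHA-256(server TLS public key).
    report_data = quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64]
    if not hmac.compare_digest(report_data[:32], hashlib.sha256(tls_pubkey).digest()):
        problems.append("report_data does not bind this TLS key")
    return problems


def build_sample_quote(mrenclave: bytes, tls_pubkey: bytes, debug: bool = False) -> bytes:
    """Constructed test input: an all-zero quote with only the checked fields set."""
    q = bytearray(BODY_END)
    struct.pack_into("<Q", q, ATTR_OFF, 0x5 | (SGX_FLAGS_DEBUG if debug else 0))
    q[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    q[REPORT_DATA_OFF:REPORT_DATA_OFF + 32] = hashlib.sha256(tls_pubkey).digest()
    return bytes(q)
```
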