
Triangle of Secure Code Delivery (2014) - CiPHPerCoder
https://defuse.ca/triangle-of-secure-code-delivery.htm
======
buu700
_Can we build a secure code delivery system for the web, too? If we had one
built into our browsers, security would be a whole lot better. There would be
no more compromised websites serving malware, and we could finally bring
usable crypto, like LastPass, Cryptocat, miniLock, and GlobaLeaks to the
masses._

Cyph (cyph.com) has exactly this; see cyph.team/websigndoc for more detail.

Cryptographic signatures are implemented, reproducible builds are on the way
in the near future, and a very basic non-decentralised userbase consistency
verification could be included in our planned reproducible build script by
comparing the package in one's local browser to the one on
github.com/cyph/cyph.github.io (which could eventually be migrated to a
blockchain or something).

~~~
CiPHPerCoder
I've heard of Cyph, in passing, before. I haven't had a chance to look at the
code yet. I presume
[https://github.com/cyph/cyph](https://github.com/cyph/cyph) is the repo for
the actual app?

~~~
buu700
Yep, that's it.

------
nickpsecurity
I'd start with the requirements for secure SCMs in general. Wheeler has
those:

[http://www.dwheeler.com/essays/scm-security.html](http://www.dwheeler.com/essays/scm-security.html)

Then add endpoint security. Then add certified compilation to know compiler
passes don't add vulnerabilities. Then add reproducible builds, cryptographic
signing, and so on. Now one sees the scope of the problem. At this point, most
people will just ignore most of the problem in favor of implementing a subset
and saying they "secured the build and deployment process." ;)

~~~
CiPHPerCoder
On that note, definitely check out boringcc:
[https://groups.google.com/forum/#!topic/boring-crypto/48qa1k...](https://groups.google.com/forum/#!topic/boring-crypto/48qa1kWignU)

~~~
nickpsecurity
I was definitely glad to see that when he posted it. Getting some mainstream
attention. Meanwhile, CompSci has been doing things like the CompCert C compiler,
strong analysis showing absence of common issues, and so on. We have stuff to
use right now at varying stages of completion. People just have to heed the
call and build on it.

