docs/security.md

Web Content Signing via Service Workers

Web Request Signing via WebAuthn

  • Implementation:
    • Collect WebAuthn public keys for one or more devices for all users
    • External Authenticators: Yubikey, Nitrokey, Ledger, Trezor, Solokey, etc.
    • Platform Authenticators: iOS 13+, Android 7+, Windows Hello, many Chromebooks
    • Certify WebAuthn public keys with a trusted enclave
    • Sign all impactful web requests, such as trades and transfers, with WebAuthn
    • Private key enclaves validate request signatures before signing trades and transfers
  • Protections:
    • Compromised insider tampering with backends
    • TLS MITM
  • Resources:
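
An added Go example, not code from this document's project, of the check behind the last two implementation steps above: the WebAuthn challenge is derived from the request itself, a simulated ES256 authenticator signs it, and the verifier that the backend and the private-key enclave both run rejects any assertion whose challenge, origin, rpIdHash, flags or signature do not match the request it is asked to act on. The relying party exchange.example, the Request field layout, the nonce field and the simulated authenticator are assumptions of the example; a real deployment gets the assertion from navigator.credentials.get() and keeps a replay store for nonces and sign counts.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Request is a consequential action (trade, transfer); field names are assumptions of this example.
type Request struct {
	Method, Path, Body, Nonce string // Nonce is unique per request; reject reuse (replay store omitted)
}

// Assertion is what navigator.credentials.get() returns, as the client sends it to the backend.
type Assertion struct {
	AuthenticatorData []byte // rpIdHash || flags || signCount
	ClientDataJSON    []byte
	Signature         []byte // ES256: DER ECDSA over SHA-256(authData || SHA-256(clientDataJSON))
}

type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// RequestChallenge binds the WebAuthn challenge to this exact method, path, body and nonce.
func RequestChallenge(r Request) string {
	h := sha256.New()
	for _, part := range []string{r.Method, r.Path, r.Body, r.Nonce} {
		fmt.Fprintf(h, "%d:%s", len(part), part) // length prefix keeps field boundaries unambiguous
	}
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// signedBytes is what an authenticator signs: authenticatorData || SHA-256(clientDataJSON).
func signedBytes(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	return append(append([]byte{}, authData...), cdHash[:]...)
}

// SimulateAuthenticator stands in for a hardware or platform authenticator (constructed for
// this example) and produces an ES256 assertion over the request-derived challenge.
func SimulateAuthenticator(priv *ecdsa.PrivateKey, rpID, origin string, r Request, signCount uint32) (Assertion, error) {
	cd, err := json.Marshal(clientData{Type: "webauthn.get", Challenge: RequestChallenge(r), Origin: origin})
	if err != nil {
		return Assertion{}, err
	}
	rpHash := sha256.Sum256([]byte(rpID))
	authData := append(append([]byte{}, rpHash[:]...), 0x05) // flags: UP (0x01) | UV (0x04)
	authData = append(authData, byte(signCount>>24), byte(signCount>>16), byte(signCount>>8), byte(signCount))
	digest := sha256.Sum256(signedBytes(authData, cd))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return Assertion{AuthenticatorData: authData, ClientDataJSON: cd, Signature: sig}, err
}

// VerifyRequestSignature is the check the backend and, independently, the private-key
// enclave run before acting on r; pub is the user's registered, enclave-certified key.
func VerifyRequestSignature(pub *ecdsa.PublicKey, rpID, origin string, r Request, a Assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return fmt.Errorf("clientDataJSON: %w", err)
	}
	if cd.Type != "webauthn.get" || cd.Origin != origin {
		return fmt.Errorf("wrong ceremony type or origin")
	}
	// A request altered by a TLS MITM or a tampered backend no longer matches the challenge.
	if subtle.ConstantTimeCompare([]byte(cd.Challenge), []byte(RequestChallenge(r))) != 1 {
		return fmt.Errorf("assertion does not cover this request")
	}
	rpHash := sha256.Sum256([]byte(rpID))
	if len(a.AuthenticatorData) < 37 || !bytes.Equal(a.AuthenticatorData[:32], rpHash[:]) {
		return fmt.Errorf("authenticator data malformed or rpIdHash mismatch")
	}
	if flags := a.AuthenticatorData[32]; flags&0x01 == 0 || flags&0x04 == 0 {
		return fmt.Errorf("user presence and user verification are required")
	}
	digest := sha256.Sum256(signedBytes(a.AuthenticatorData, a.ClientDataJSON))
	if !ecdsa.VerifyASN1(pub, digest[:], a.Signature) {
		return fmt.Errorf("invalid signature")
	}
	return nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rpID, origin := "exchange.example", "https://exchange.example" // placeholder relying party
	req := Request{Method: "POST", Path: "/api/transfer", Body: `{"to":"acct-42","amount":"10.00"}`, Nonce: "n-1"}
	a, _ := SimulateAuthenticator(priv, rpID, origin, req, 7)
	fmt.Println("original:", VerifyRequestSignature(&priv.PublicKey, rpID, origin, req, a))
	req.Body = `{"to":"acct-99","amount":"10000.00"}` // altered in transit or by a compromised backend
	fmt.Println("tampered:", VerifyRequestSignature(&priv.PublicKey, rpID, origin, req, a))
}
```

Because the enclave re-runs VerifyRequestSignature on the same assertion against the request it is actually handed, a backend or network hop that changes the destination or amount cannot get the altered request signed: the challenge in clientDataJSON no longer matches, so the signature is worthless for anything but the request the user approved.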

Internal Supply chain integrity

External Supply chain integrity

Accountable Airgapped Workflows

  • Implementation:
    • Multiple parties compile deterministic airgap OS and firmware
    • Multiple parties sign airgap OS/firmware artifacts
    • New laptop acquired by multiple parties
    • Trusted firmware loaded, verifying signed hash with existing firmware
    • CA key pinned into firmware, and external TPM verification device
    • Laptop stored in highly tamper evident vault requiring multiple parties for access
    • Laptop firmware verifies multi-party signature on flash-drive iso and any scripts
    • Participants verify date and ensure it is the latest and expected version
  • Protections:
    • Tampering by any single compromised insider
    • Tampering by any single compiler or build system
  • Resources:
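
An added Go example, not code from this document's project, of the firmware-side check behind the "laptop firmware verifies multi-party signature" step: an ISO or script is accepted only if the independently built copies agree on its hash and at least a threshold of the pinned parties have signed that hash. The ed25519 scheme, the 2-of-3 threshold, the signature prefix and the sample artifact bytes are assumptions of the example; the document does not specify a signature format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Party is a participant whose public key is pinned into the laptop firmware.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
}

// Attestation is what a party produces after building the artifact on their own machine:
// the digest they obtained and their signature over it.
type Attestation struct {
	Party     string
	Digest    [32]byte
	Signature []byte
}

// sigPrefix domain-separates artifact signatures from any other use of the same key
// (an assumption of this example, not a format the document defines).
const sigPrefix = "airgap-artifact-v1:"

func signedMessage(digest [32]byte) []byte {
	return append([]byte(sigPrefix), digest[:]...)
}

// NewParty generates a fresh keypair; in practice the public half is burned into firmware.
func NewParty(name string) (Party, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{Name: name, Pub: pub}, priv
}

// Attest is run by each party on the output of their own independent build.
func Attest(name string, priv ed25519.PrivateKey, artifact []byte) Attestation {
	d := sha256.Sum256(artifact)
	return Attestation{Party: name, Digest: d, Signature: ed25519.Sign(priv, signedMessage(d))}
}

// VerifyArtifact is the firmware-side check before an ISO or script may run. It passes only
// if at least threshold distinct pinned parties signed the digest of the artifact actually
// presented. An attestation for any other digest fails the whole check: either the builds
// were not reproducible or someone substituted the artifact, and both need investigation.
func VerifyArtifact(artifact []byte, atts []Attestation, pinned []Party, threshold int) (int, error) {
	digest := sha256.Sum256(artifact)
	keys := make(map[string]ed25519.PublicKey, len(pinned))
	for _, p := range pinned {
		keys[p.Name] = p.Pub
	}
	seen := make(map[string]bool)
	for _, a := range atts {
		pub, ok := keys[a.Party]
		switch {
		case !ok:
			return 0, fmt.Errorf("attestation from %q: key not pinned", a.Party)
		case seen[a.Party]:
			return 0, fmt.Errorf("duplicate attestation from %q", a.Party)
		case a.Digest != digest:
			return 0, fmt.Errorf("%q built %s.. but artifact is %s..", a.Party, hex.EncodeToString(a.Digest[:4]), hex.EncodeToString(digest[:4]))
		case !ed25519.Verify(pub, signedMessage(a.Digest), a.Signature):
			return 0, fmt.Errorf("invalid signature from %q", a.Party)
		}
		seen[a.Party] = true
	}
	if len(seen) < threshold {
		return len(seen), fmt.Errorf("%d valid signatures, %d required", len(seen), threshold)
	}
	return len(seen), nil
}

func main() {
	alice, aPriv := NewParty("alice")
	bob, bPriv := NewParty("bob")
	carol, _ := NewParty("carol")
	pinned := []Party{alice, bob, carol}
	iso := []byte("constructed stand-in for the airgap ISO") // constructed sample artifact
	good := []Attestation{Attest("alice", aPriv, iso), Attest("bob", bPriv, iso)}
	fmt.Println(VerifyArtifact(iso, good, pinned, 2))
	// Bob's build produced different bytes: the firmware refuses to run it.
	bad := []Attestation{Attest("alice", aPriv, iso), Attest("bob", bPriv, []byte("different build output"))}
	fmt.Println(VerifyArtifact(iso, bad, pinned, 2))
}
```

The mismatch case is the one that matters for the "single compiler or build system" protection: a correct signature from a party whose toolchain produced different bytes is treated as evidence of tampering, not outvoted by the others, so one compromised builder can neither sneak its output through nor be silently ignored.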