by jnwatson 2238 days ago
Part of it is community agreement. In order to mutually trust what we do on each other's machines, we give up some rights, including the ability to lie about what you executed on your own machine. It is the implicit agreement in Folding@home and many community computation projects, only this is better enforced.

Peer-to-peer computation is hard to implement because of the quite hairy social aspect of requiring a trust root that is out of direct control of the owner of the equipment.

2 comments

> In order to mutually trust what we do on each other's machines, we give up some rights

I trust what people do on their machines to the extent they can cryptographically prove it to me. Anything else is, for me, an unacceptable compromise.

Which, given that you believe that SGX hasn’t been compromised yet, is exactly what you get!

> given that you believe that SGX hasn’t been compromised yet

Who the hell would believe that?

That may sound like a worthwhile goal, but it's actually ripe for abuse by exacerbating existing power imbalances. For example, right now we just laugh at websites that insist on imposing nonsensical requirements on end users (client-side form validation, insistence on using a particular browser, disable copy/paste, anti-adblock, etc). Imagine they have the power to do this and succeed.

Furthermore, the actual implementation isn't likely to use a narrow proof that the running JavaScript hasn't been tampered with, but rather a blunt proof over the entire software environment. The outcome would basically be putting decades of personal computing freedom back in the box. Imagine needing to run Windows on your bona fide desktop and not being able to virtualize it or even use a headless box via RDP.

Why? SGX allows you to attest the contents of the enclave independently of the host software stack (OS/hypervisor, other apps).

I was speaking to the general concern.

A small sandbox isn't a full threat in the manner I laid out, just the same owner-is-hostile dynamic.

If attestation keys were only rooted in the processor itself (i.e. not signed by Intel/AMD) and users could load their own, the worthwhile properties of hardened hardware would be preserved without making the owner an enemy.