zlacker

[return to "Remote Attestation is coming back"]
1. walter+fl[view] [source] 2022-07-30 01:50:57
>>gjsman+(OP)
Prior thread, https://news.ycombinator.com/item?id=32234561

> On-premise, open-source, customer-owned remote attestation servers are possible. Avoid outsourcing integrity verification to 3rd-party clouds.

With owner-operated OSS MDM & attestation servers, PCs can have diverse, owner-customized OS and configs, reducing monoculture binary blobs.

◧◩
2. userbi+9n[view] [source] 2022-07-30 02:21:46
>>walter+fl
PCs can have diverse, owner-customized OS and configs,

...which won't be able to interact with any of the walled gardens which will be enabled by these same technologies.

◧◩◪
3. walter+nn[view] [source] 2022-07-30 02:24:51
>>userbi+9n
That cuts in both directions. If sufficiently large customers run their own attestation servers, the discussion moves from binary yes/no attestation to the details of interoperable measurements, single-purpose OS components and provable security vs vendor lock-in.

Walled gardens care about including their large customers, so it's not as simple as locking them out. There is also an ongoing EU legislative effort to mandate digital platform interoperability, which will likely apply to attestation.

[go to top]